[ubuntu/bionic-proposed] python-django 1:1.11.10-1ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Fri Feb 23 19:59:18 UTC 2018
python-django (1:1.11.10-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

python-django (1:1.11.10-1) unstable; urgency=medium

  * New upstream security release:
    - CVE-2018-6188: A regression in Django 1.11.8 made
      django.contrib.auth.forms.AuthenticationForm run its
      confirm_login_allowed() method even if an incorrect password is entered.
      This can leak information about a user, depending on what messages
      confirm_login_allowed() raises. If confirm_login_allowed() isn't
      overridden, an attacker can enter an arbitrary username and see if that
      user has been set to is_active=False. If confirm_login_allowed() is
      overridden, more sensitive details could be leaked.
  * Use HTTPS "Format" URI in debian/copyright.

Date: Fri, 23 Feb 2018 11:56:40 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/1:1.11.10-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 23 Feb 2018 11:56:40 -0800
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Architecture: source
Version: 1:1.11.10-1ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----