[ubuntu-cloud-archive/grizzly-updates] python-django (Accepted)

Adam Gandelman adamg at ubuntu.com
Thu Sep 26 21:03:32 UTC 2013


 python-django (1.4.5-1ubuntu0.1~cloud0) precise-grizzly; urgency=low
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-django (1.4.5-1ubuntu0.1) raring-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
     - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
       in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
       django/contrib/auth/tests/hashers.py.
     - CVE-2013-1443
   * SECURITY UPDATE: directory traversal with ssi template tag
     - debian/patches/CVE-2013-4315.patch: properly check absolute path in
       django/template/defaulttags.py,
       tests/regressiontests/templates/tests.py.
     - CVE-2013-4315
   * SECURITY UPDATE: possible XSS via is_safe_url
     - debian/patches/security-is_safe_url.patch: properly reject URLs which
       specify a scheme other then HTTP or HTTPS.
     - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
     - No CVE number
   * debian/patches/fix-validation-tests.patch: fix regression in tests
     since example.com is now available via https.

Date: Tue, 24 Sep 2013 21:26:14 -0700
Changed-By: Adam Gandelman <adamg at ubuntu.com>
Signed-By: Adam Gandelman <adamg at ubuntu.com> 
Published-By: Adam Gandelman <adamg at ubuntu.com>


More information about the Cloud-archive-changes mailing list