[ubuntu-cloud-archive/folsom-updates] python-django (Accepted)
James Page
james.page at ubuntu.com
Tue Jun 3 12:40:59 UTC 2014
python-django (1.4.1-2ubuntu0.7~cloud0) precise-folsom; urgency=medium
.
* New update for the Ubuntu Cloud Archive.
.
python-django (1.4.1-2ubuntu0.7) quantal-security; urgency=medium
.
* SECURITY UPDATE: cache coherency problems in old Internet Explorer
compatibility functions lead to loss of privacy and cache poisoning
attacks. (LP: #1317663)
- debian/patches/drop_fix_ie_for_vary_1_4.diff: remove fix_IE_for_vary()
and fix_IE_for_attach() functions so Cache-Control and Vary headers are
no longer modified. This may introduce some regressions for IE 6 and IE 7
users. Patch from upstream.
- CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
some malformed URLs, which are accepted by some browsers. This allows a
user to be redirected to an unsafe URL unexpectedly.
- debian/patches/is_safe_url_1_4.diff: Forbid URLs starting with '///',
forbid URLs without a host but with a path. Patch from upstream.
Date: Thu, 15 May 2014 06:02:43 -0400
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: James Page <james.page at ubuntu.com>
More information about the Cloud-archive-changes
mailing list