[ubuntu-cloud-archive/havana-proposed] python-django (Accepted)

James Page james.page at ubuntu.com
Fri May 16 12:42:48 UTC 2014

 python-django (1.5.4-1ubuntu1.3~cloud0) precise-havana; urgency=medium
   * New update for the Ubuntu Cloud Archive.
 python-django (1.5.4-1ubuntu1.3) saucy-security; urgency=medium
   * SECURITY UPDATE: cache coherency problems in old Internet Explorer
     compatibility functions lead to loss of privacy and cache poisoning
     attacks. (LP: #1317663)
     - debian/patches/drop_fix_ie_for_vary_1_5.diff: remove fix_IE_for_vary()
       and fix_IE_for_attach() functions so Cache-Control and Vary headers are
       no longer modified. This may introduce some regressions for IE 6 and IE 7
       users. Patch from upstream.
     - CVE-2014-1418
   * SECURITY UPDATE: The validation for redirects did not correctly validate
     some malformed URLs, which are accepted by some browsers. This allows a
     user to be redirected to an unsafe URL unexpectedly.
     - debian/patches/is_safe_url_1_5.diff: Forbid URLs starting with '///',
       forbid URLs without a host but with a path. Patch from upstream.

Date: Thu, 15 May 2014 04:03:49 -0400
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: James Page <james.page at ubuntu.com>

More information about the Cloud-archive-changes mailing list