[ubuntu-cloud-archive/icehouse-proposed] python-django (Accepted)

James Page james.page at ubuntu.com
Mon Feb 2 12:56:51 UTC 2015


 python-django (1.6.1-2ubuntu0.6~cloud0) precise-icehouse; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-django (1.6.1-2ubuntu0.6) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: WSGI header spoofing via underscore/dash conflation
     - debian/patches/CVE-2015-0219.patch: strip headers with underscores in
       django/core/servers/basehttp.py, added blurb to
       docs/howto/auth-remote-user.txt, added test to
       tests/servers/test_basehttp.py.
     - CVE-2015-0219
   * SECURITY UPDATE: Mitigated possible XSS attack via user-supplied
     redirect URLs
     - debian/patches/CVE-2015-0220.patch: filter url in
       django/utils/http.py, added test to tests/utils_tests/test_http.py.
     - CVE-2015-0220
   * SECURITY UPDATE: Denial-of-service attack against
     django.views.static.serve
     - debian/patches/CVE-2015-0221.patch: limit large files in
       django/views/static.py, added test to
       tests/view_tests/media/long-line.txt,
       tests/view_tests/tests/test_static.py.
     - CVE-2015-0221
   * SECURITY UPDATE: Database denial-of-service with
     ModelMultipleChoiceField
     - debian/patches/CVE-2015-0222.patch: check values in
       django/forms/models.py, added test to tests/model_forms/tests.py.
     - CVE-2015-0222

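As an added illustration of the CVE-2015-0219 mitigation described in the changelog above (this is example code written for this page, not Django's own basehttp.py patch): a WSGI server turns each HTTP header name into a CGI-style environ key by uppercasing it and replacing dashes with underscores, so two different header names can collapse into one key; dropping any header whose name already contains an underscore, before that translation, removes the ambiguity. The header names and values below are constructed for the demonstration.

```python
def cgi_key(header_name: str) -> str:
    """Translate an HTTP header name into its WSGI environ key.

    This mirrors the classic CGI/WSGI convention: uppercase, dashes become
    underscores, and an HTTP_ prefix is added.
    """
    return "HTTP_" + header_name.upper().replace("-", "_")


def colliding_names(raw_headers):
    """Return environ keys that more than one distinct header name maps to.

    Useful as a check in request logging or tests: a non-empty result means
    the dash/underscore conflation is in play for this request.
    """
    by_key = {}
    for name, _ in raw_headers:
        names = by_key.setdefault(cgi_key(name), [])
        if name not in names:
            names.append(name)
    return {key: names for key, names in by_key.items() if len(names) > 1}


def build_environ(raw_headers, strip_underscores=True):
    """Build the HTTP_* part of a WSGI environ from (name, value) pairs.

    With strip_underscores=True (the CVE-2015-0219 mitigation) any header
    whose name contains an underscore is discarded before translation, so it
    can no longer be read back under the same key as a legitimate dashed
    header. Repeated keys are joined with a comma, as wsgiref does.
    """
    environ = {}
    for name, value in raw_headers:
        if strip_underscores and "_" in name:
            continue
        key = cgi_key(name)
        value = value.strip()
        environ[key] = environ[key] + "," + value if key in environ else value
    return environ


if __name__ == "__main__":
    # Constructed sample request: one dashed header and one underscored one
    sample = [("Host", "example.test"),
              ("X-Remote-User", "alice"),
              ("X-Remote_User", "admin")]
    print(colliding_names(sample))
    print(build_environ(sample, strip_underscores=False))
    print(build_environ(sample))
```
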
Date: Wed, 14 Jan 2015 03:07:06 -0500
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: James Page <james.page at ubuntu.com>

