[ubuntu/disco-updates] python-django 1:1.11.20-1ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Jul 1 14:28:22 UTC 2019


python-django (1:1.11.20-1ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: Incorrect HTTP detection with reverse-proxy
    connecting via HTTPS
    - debian/patches/CVE-2019-12781.patch: made HttpRequest always
      trust SECURE_PROXY_SSL_HEADER if set in django/http/request.py,
      docs/ref/settings.txt and added tests to tests/settings_test/tests.py.
    - CVE-2019-12781
  * SECURITY UPDATE: XSS in Django admin via AdminURLFieldWidget
    - debian/patches/CVE-2019-12308.patch: made AdminURLFieldWidget
      validate URL before rendering clickable link in
      django/contrib/admin/templates/admin/widgets/url.html,
      django/contrib/admin/widgets.py add test test/admin_widgets/tests.py.
    - CVE-2019-12308

Date: 2019-06-24 17:39:18.758310+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/python-django/1:1.11.20-1ubuntu0.1