[ubuntu/karmic-security] python-django_1.1.1-1ubuntu1.2_i386_translations.tar.gz (delayed), python-django 1.1.1-1ubuntu1.2 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Feb 17 17:05:14 UTC 2011 

python-django (1.1.1-1ubuntu1.2) karmic-security; urgency=low

  * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
    - debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all
      requests, regardless of apparent AJAX origin. This is technically
      backwards-incompatible, but the security risks have been judged to
      outweigh the compatibility concerns in this case. See the Django project
      notes for more information:
      http://www.djangoproject.com/weblog/2011/feb/08/security/
    - CVE-2011-0696
  * SECURITY UPDATE: potential XSS in file field rendering
    - debian/patches/25_CVE-2011-0697.diff: properly escape URL in
      django/contrib/admin/widgets.py
    - CVE-2011-0697

Date: Tue, 15 Feb 2011 17:18:54 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/python-django/1.1.1-1ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Tue, 15 Feb 2011 17:18:54 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.1.1-1ubuntu1.2
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Changes: 
 python-django (1.1.1-1ubuntu1.2) karmic-security; urgency=low
 .
   * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
     - debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all
       requests, regardless of apparent AJAX origin. This is technically
       backwards-incompatible, but the security risks have been judged to
       outweigh the compatibility concerns in this case. See the Django project
       notes for more information:
       http://www.djangoproject.com/weblog/2011/feb/08/security/
     - CVE-2011-0696
   * SECURITY UPDATE: potential XSS in file field rendering
     - debian/patches/25_CVE-2011-0697.diff: properly escape URL in
       django/contrib/admin/widgets.py
     - CVE-2011-0697
Checksums-Sha1: 
 bf8679cabea2782af7b8186c6c1cd1a2bd53019e 2215 python-django_1.1.1-1ubuntu1.2.dsc
 728bd1a63f3551bf0cfb5a91c69038a3e33dae5c 23178 python-django_1.1.1-1ubuntu1.2.diff.gz
Checksums-Sha256: 
 3eac717503981b4dc9f5def5271a20d3bb3b5474ddc7610d9a9f86a408d17e9e 2215 python-django_1.1.1-1ubuntu1.2.dsc
 3f571d203c827937fac53dbd3c3394fc8674218071ca9810f5c27c17e63718e1 23178 python-django_1.1.1-1ubuntu1.2.diff.gz
Files: 
 9665d3d7efb78757cc7debdd8de52dee 2215 python optional python-django_1.1.1-1ubuntu1.2.dsc
 9ee3275d17444e0fe9f29b558a50d656 23178 python optional python-django_1.1.1-1ubuntu1.2.diff.gz
Launchpad-Bugs-Fixed: 719031
Original-Maintainer: Chris Lamb <lamby at debian.org>

More information about the Karmic-changes mailing list