[ubuntu/karmic-security] python-django_1.1.1-1ubuntu1.2_i386_translations.tar.gz (delayed), python-django 1.1.1-1ubuntu1.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Feb 17 17:05:14 UTC 2011
python-django (1.1.1-1ubuntu1.2) karmic-security; urgency=low
  * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
    - debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all
      requests, regardless of apparent AJAX origin. This is technically
      backwards-incompatible, but the security risks have been judged to
      outweigh the compatibility concerns in this case. See the Django project
      notes for more information:
      http://www.djangoproject.com/weblog/2011/feb/08/security/
    - CVE-2011-0696
  * SECURITY UPDATE: potential XSS in file field rendering
    - debian/patches/25_CVE-2011-0697.diff: properly escape URL in
      django/contrib/admin/widgets.py
    - CVE-2011-0697
Date: Tue, 15 Feb 2011 17:18:54 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/python-django/1.1.1-1ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Tue, 15 Feb 2011 17:18:54 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.1.1-1ubuntu1.2
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
python-django - High-level Python web development framework
python-django-doc - High-level Python web development framework (documentation)
Changes:
python-django (1.1.1-1ubuntu1.2) karmic-security; urgency=low
.
  * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
    - debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all
      requests, regardless of apparent AJAX origin. This is technically
      backwards-incompatible, but the security risks have been judged to
      outweigh the compatibility concerns in this case. See the Django project
      notes for more information:
      http://www.djangoproject.com/weblog/2011/feb/08/security/
    - CVE-2011-0696
  * SECURITY UPDATE: potential XSS in file field rendering
    - debian/patches/25_CVE-2011-0697.diff: properly escape URL in
      django/contrib/admin/widgets.py
    - CVE-2011-0697
Checksums-Sha1:
bf8679cabea2782af7b8186c6c1cd1a2bd53019e 2215 python-django_1.1.1-1ubuntu1.2.dsc
728bd1a63f3551bf0cfb5a91c69038a3e33dae5c 23178 python-django_1.1.1-1ubuntu1.2.diff.gz
Checksums-Sha256:
3eac717503981b4dc9f5def5271a20d3bb3b5474ddc7610d9a9f86a408d17e9e 2215 python-django_1.1.1-1ubuntu1.2.dsc
3f571d203c827937fac53dbd3c3394fc8674218071ca9810f5c27c17e63718e1 23178 python-django_1.1.1-1ubuntu1.2.diff.gz
Files:
9665d3d7efb78757cc7debdd8de52dee 2215 python optional python-django_1.1.1-1ubuntu1.2.dsc
9ee3275d17444e0fe9f29b558a50d656 23178 python optional python-django_1.1.1-1ubuntu1.2.diff.gz
Launchpad-Bugs-Fixed: 719031
Original-Maintainer: Chris Lamb <lamby at debian.org>