[ubuntu/karmic-security] python-django_1.1.1-1ubuntu1.1_i386_translations.tar.gz (delayed), python-django 1.1.1-1ubuntu1.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Jan 7 01:05:05 UTC 2011
python-django (1.1.1-1ubuntu1.1) karmic-security; urgency=low
* SECURITY UPDATE: information leak in admin interface
- debian/patches/21_security_admin_infoleak.diff: validate querystring
lookup arguments either specify only fields on the model being viewed,
or cross relations which have been explicitly whitelisted.
- CVE-2010-4534
* SECURITY UPDATE:
- debian/patches/22_security_pasword_reset_dos.diff: adjust
base36_to_int() function in django.utils.http will now validate the
length of its input; on input longer than 13 digits (sufficient to
base36-encode any 64-bit integer), it will now raise ValueError.
Additionally, the default URL patterns for django.contrib.auth will now
enforce a maximum length on the relevant parameters.
- CVE-2010-4535
* add patch from Lucid to fix FTBFS in November by applying patch from
upstream bug #12125
- debian/patches/23_ftbfs_in_november.diff
Date: Mon, 03 Jan 2011 11:36:34 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/python-django/1.1.1-1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Mon, 03 Jan 2011 11:36:34 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.1.1-1ubuntu1.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
python-django - High-level Python web development framework
python-django-doc - High-level Python web development framework (documentation)
Changes:
python-django (1.1.1-1ubuntu1.1) karmic-security; urgency=low
.
* SECURITY UPDATE: information leak in admin interface
- debian/patches/21_security_admin_infoleak.diff: validate querystring
lookup arguments either specify only fields on the model being viewed,
or cross relations which have been explicitly whitelisted.
- CVE-2010-4534
* SECURITY UPDATE:
- debian/patches/22_security_pasword_reset_dos.diff: adjust
base36_to_int() function in django.utils.http will now validate the
length of its input; on input longer than 13 digits (sufficient to
base36-encode any 64-bit integer), it will now raise ValueError.
Additionally, the default URL patterns for django.contrib.auth will now
enforce a maximum length on the relevant parameters.
- CVE-2010-4535
* add patch from Lucid to fix FTBFS in November by applying patch from
upstream bug #12125
- debian/patches/23_ftbfs_in_november.diff
Checksums-Sha1:
b0cabea28fc7d13b772e337c63c84e7529116ff3 2215 python-django_1.1.1-1ubuntu1.1.dsc
07ea7e6486c943da8237801209559009057c2819 20554 python-django_1.1.1-1ubuntu1.1.diff.gz
Checksums-Sha256:
5f476d3e1d959fae6593feabfa5b39a8e45d7ab51849fe90ae25cceb2c8e05bc 2215 python-django_1.1.1-1ubuntu1.1.dsc
56aba3a14b329893ed54ee288f6913daf31c69e68045b517a767b02458a79cc5 20554 python-django_1.1.1-1ubuntu1.1.diff.gz
Files:
80222eacb212cce9d95bd988313f1f72 2215 python optional python-django_1.1.1-1ubuntu1.1.dsc
69008b0041f74d261d2dfd833f0cbc71 20554 python optional python-django_1.1.1-1ubuntu1.1.diff.gz
Original-Maintainer: Chris Lamb <lamby at debian.org>
More information about the Karmic-changes
mailing list