[ubuntu/lucid-security] python-django_1.1.1-2ubuntu1.4_i386_translations.tar.gz, python-django 1.1.1-2ubuntu1.4 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Fri Dec 9 00:08:05 UTC 2011


python-django (1.1.1-2ubuntu1.4) lucid-security; urgency=low

  * SECURITY UPDATE: session manipulation when using django.contrib.sessions
    with memory-based sessions and caching
    - debian/patches/CVE-2011-4136.patch: use namespace of cache to store keys
      for session instead of root namespace
    - CVE-2011-4136
  * SECURITY UPDATE: potential denial of service and information disclosure in
    URLField
    - debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by
      default and use a timeout if available.
    - CVE-2011-4137, CVE-2011-4138
  * SECURITY UPDATE: potential cache-poisoning via crafted Host header
    - debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by
      default when constructing full URLs
    - CVE-2011-4139
  * More information on these issues can be found at:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/

Date: Wed, 07 Dec 2011 16:02:57 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/python-django/1.1.1-2ubuntu1.4
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Dec 2011 16:02:57 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.1.1-2ubuntu1.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Checksums-Sha1: 
 781ceb00bec9431c24fc1da8f8e12099d9784716 2215 python-django_1.1.1-2ubuntu1.4.dsc
 b5f37ab933a36efc87d519c03a5e35fd4bea4b2e 50152 python-django_1.1.1-2ubuntu1.4.diff.gz
Checksums-Sha256: 
 46156f4761e5922c0165439d805613e9334064eb1a3f026750c344f2962e5356 2215 python-django_1.1.1-2ubuntu1.4.dsc
 26f2a02f00de6879554d8cf7f09470719531771bc5c4ce5a04ef8fbc51ab30f5 50152 python-django_1.1.1-2ubuntu1.4.diff.gz
Files: 
 da57d6e7c19a409861d1ebe14b2b4ad8 2215 python optional python-django_1.1.1-2ubuntu1.4.dsc
 3f08a38065b0eaa8784a8311b92e8eca 50152 python optional python-django_1.1.1-2ubuntu1.4.diff.gz
Original-Maintainer: Chris Lamb <lamby at debian.org>

