[ubuntu/lucid-security] python-django_1.1.1-2ubuntu1.2_i386_translations.tar.gz (delayed), python-django 1.1.1-2ubuntu1.2 (Accepted)

Ubuntu Installer archive at ubuntu.com
Fri Jan 7 01:04:41 UTC 2011


python-django (1.1.1-2ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: information leak in admin interface
    - debian/patches/08_security_admin_infoleak.diff: validate querystring
      lookup arguments either specify only fields on the model being viewed,
      or cross relations which have been explicitly whitelisted.
    - CVE-2010-4534
  * SECURITY UPDATE:
    - debian/patches/09_security_pasword_reset_dos.diff: adjust
      base36_to_int() function in django.utils.http will now validate the
      length of its input; on input longer than 13 digits (sufficient to
      base36-encode any 64-bit integer), it will now raise ValueError.
      Additionally, the default URL patterns for django.contrib.auth will now
      enforce a maximum length on the relevant parameters.
    - CVE-2010-4535

Date: Mon, 03 Jan 2011 11:31:57 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/python-django/1.1.1-2ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Mon, 03 Jan 2011 11:31:57 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.1.1-2ubuntu1.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Changes: 
 python-django (1.1.1-2ubuntu1.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: information leak in admin interface
     - debian/patches/08_security_admin_infoleak.diff: validate querystring
       lookup arguments either specify only fields on the model being viewed,
       or cross relations which have been explicitly whitelisted.
     - CVE-2010-4534
   * SECURITY UPDATE:
     - debian/patches/09_security_pasword_reset_dos.diff: adjust
       base36_to_int() function in django.utils.http will now validate the
       length of its input; on input longer than 13 digits (sufficient to
       base36-encode any 64-bit integer), it will now raise ValueError.
       Additionally, the default URL patterns for django.contrib.auth will now
       enforce a maximum length on the relevant parameters.
     - CVE-2010-4535
Checksums-Sha1: 
 1088cdaf0c2258011d4a42919104e07d094e948e 2215 python-django_1.1.1-2ubuntu1.2.dsc
 685c1efb50a04d9a45805ebad8e3d87467ebc18f 43848 python-django_1.1.1-2ubuntu1.2.diff.gz
Checksums-Sha256: 
 38c774e1e388d8fc003589e9f4072cc1f5655a25ee6138068f0ee88d715accd8 2215 python-django_1.1.1-2ubuntu1.2.dsc
 9a6f1ca1262165dce6217a3326e9fe45d606d771d20bd97e75cfe8f6e0a17119 43848 python-django_1.1.1-2ubuntu1.2.diff.gz
Files: 
 d18df1b93b0953664165c15870852145 2215 python optional python-django_1.1.1-2ubuntu1.2.dsc
 69baf8e98b78de3762e12023f71d0704 43848 python optional python-django_1.1.1-2ubuntu1.2.diff.gz
Original-Maintainer: Chris Lamb <lamby at debian.org>

