[ubuntu/maverick-security] python-django_1.2.3-1ubuntu0.2.10.10.2_i386_translations.tar.gz (delayed), python-django 1.2.3-1ubuntu0.2.10.10.2 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Feb 17 17:04:30 UTC 2011


python-django (1.2.3-1ubuntu0.2.10.10.2) maverick-security; urgency=low

  * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
    - debian/patches/09_CVE-2011-0696.diff: apply full CSRF validation to all
      requests, regardless of apparent AJAX origin. This is technically
      backwards-incompatible, but the security risks have been judged to
      outweigh the compatibility concerns in this case. See the Django project
      notes for more information:
      http://www.djangoproject.com/weblog/2011/feb/08/security/
    - CVE-2011-0696
  * SECURITY UPDATE: potential XSS in file field rendering
    - debian/patches/10_admin_widgets-to-unittest.diff: prepare testsuite for
      security fix tests
    - debian/patches/11_CVE-2011-0697.diff: properly escape URL in
      django/contrib/admin/widgets.py
    - CVE-2011-0697

Date: Tue, 15 Feb 2011 17:04:19 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/python-django/1.2.3-1ubuntu0.2.10.10.2
-------------- next part --------------
Format: 1.8
Date: Tue, 15 Feb 2011 17:04:19 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.2.3-1ubuntu0.2.10.10.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Launchpad-Bugs-Fixed: 719031
Changes: 
 python-django (1.2.3-1ubuntu0.2.10.10.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
     - debian/patches/09_CVE-2011-0696.diff: apply full CSRF validation to all
       requests, regardless of apparent AJAX origin. This is technically
       backwards-incompatible, but the security risks have been judged to
       outweigh the compatibility concerns in this case. See the Django project
       notes for more information:
       http://www.djangoproject.com/weblog/2011/feb/08/security/
     - CVE-2011-0696
   * SECURITY UPDATE: potential XSS in file field rendering
     - debian/patches/10_admin_widgets-to-unittest.diff: prepare testsuite for
       security fix tests
     - debian/patches/11_CVE-2011-0697.diff: properly escape URL in
       django/contrib/admin/widgets.py
     - CVE-2011-0697
Checksums-Sha1: 
 e8466254ed41b99d0abdc5f50f8df8c63c9b1796 2276 python-django_1.2.3-1ubuntu0.2.10.10.2.dsc
 ee69b92f7fefdf5b95f32e24913114841be7d7dc 27750 python-django_1.2.3-1ubuntu0.2.10.10.2.debian.tar.gz
Checksums-Sha256: 
 30b1770cac7108a68514ec0d5579d127c6342eb0c410d2a120ffda18d218be7c 2276 python-django_1.2.3-1ubuntu0.2.10.10.2.dsc
 41b236d135fbb56fa2eec03460c5fcbdc7ab491e7453da97037b6f4a437aad00 27750 python-django_1.2.3-1ubuntu0.2.10.10.2.debian.tar.gz
Files: 
 6dba452984483a7442de365e451f1fde 2276 python optional python-django_1.2.3-1ubuntu0.2.10.10.2.dsc
 df339fbad6cc5389fc4979ea9ef89455 27750 python optional python-django_1.2.3-1ubuntu0.2.10.10.2.debian.tar.gz
Original-Maintainer: Chris Lamb <lamby at debian.org>


More information about the Maverick-changes mailing list