[ubuntu/maverick-security] python-django_1.2.3-1ubuntu0.2.10.10.2_i386_translations.tar.gz (delayed), python-django 1.2.3-1ubuntu0.2.10.10.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Feb 17 17:04:30 UTC 2011
python-django (1.2.3-1ubuntu0.2.10.10.2) maverick-security; urgency=low

  * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
    - debian/patches/09_CVE-2011-0696.diff: apply full CSRF validation to all
      requests, regardless of apparent AJAX origin. This is technically
      backwards-incompatible, but the security risks have been judged to
      outweigh the compatibility concerns in this case. See the Django project
      notes for more information:
      http://www.djangoproject.com/weblog/2011/feb/08/security/
    - CVE-2011-0696
  * SECURITY UPDATE: potential XSS in file field rendering
    - debian/patches/10_admin_widgets-to-unittest.diff: prepare testsuite for
      security fix tests
    - debian/patches/11_CVE-2011-0697.diff: properly escape URL in
      django/contrib/admin/widgets.py
    - CVE-2011-0697

Date: Tue, 15 Feb 2011 17:04:19 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/python-django/1.2.3-1ubuntu0.2.10.10.2
-------------- next part --------------
Format: 1.8
Date: Tue, 15 Feb 2011 17:04:19 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.2.3-1ubuntu0.2.10.10.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
python-django - High-level Python web development framework
python-django-doc - High-level Python web development framework (documentation)
Launchpad-Bugs-Fixed: 719031
Changes:
 python-django (1.2.3-1ubuntu0.2.10.10.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
     - debian/patches/09_CVE-2011-0696.diff: apply full CSRF validation to all
       requests, regardless of apparent AJAX origin. This is technically
       backwards-incompatible, but the security risks have been judged to
       outweigh the compatibility concerns in this case. See the Django project
       notes for more information:
       http://www.djangoproject.com/weblog/2011/feb/08/security/
     - CVE-2011-0696
   * SECURITY UPDATE: potential XSS in file field rendering
     - debian/patches/10_admin_widgets-to-unittest.diff: prepare testsuite for
       security fix tests
     - debian/patches/11_CVE-2011-0697.diff: properly escape URL in
       django/contrib/admin/widgets.py
     - CVE-2011-0697
Checksums-Sha1:
e8466254ed41b99d0abdc5f50f8df8c63c9b1796 2276 python-django_1.2.3-1ubuntu0.2.10.10.2.dsc
ee69b92f7fefdf5b95f32e24913114841be7d7dc 27750 python-django_1.2.3-1ubuntu0.2.10.10.2.debian.tar.gz
Checksums-Sha256:
30b1770cac7108a68514ec0d5579d127c6342eb0c410d2a120ffda18d218be7c 2276 python-django_1.2.3-1ubuntu0.2.10.10.2.dsc
41b236d135fbb56fa2eec03460c5fcbdc7ab491e7453da97037b6f4a437aad00 27750 python-django_1.2.3-1ubuntu0.2.10.10.2.debian.tar.gz
Files:
6dba452984483a7442de365e451f1fde 2276 python optional python-django_1.2.3-1ubuntu0.2.10.10.2.dsc
df339fbad6cc5389fc4979ea9ef89455 27750 python optional python-django_1.2.3-1ubuntu0.2.10.10.2.debian.tar.gz
Original-Maintainer: Chris Lamb <lamby at debian.org>