[ubuntu/maverick-security] python-django_1.2.3-1ubuntu0.2.10.10.1_i386_translations.tar.gz (delayed), python-django 1.2.3-1ubuntu0.2.10.10.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Jan 7 01:04:18 UTC 2011
python-django (1.2.3-1ubuntu0.2.10.10.1) maverick-security; urgency=low
* SECURITY UPDATE: information leak in admin interface
- debian/patches/07_security_admin_infoleak.diff: validate querystring
lookup arguments either specify only fields on the model being viewed,
or cross relations which have been explicitly whitelisted.
- CVE-2010-4534
* SECURITY UPDATE:
- debian/patches/08_security_pasword_reset_dos.diff: adjust
base36_to_int() function in django.utils.http will now validate the
length of its input; on input longer than 13 digits (sufficient to
base36-encode any 64-bit integer), it will now raise ValueError.
Additionally, the default URL patterns for django.contrib.auth will now
enforce a maximum length on the relevant parameters.
- CVE-2010-4535
Date: Mon, 03 Jan 2011 11:28:10 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/python-django/1.2.3-1ubuntu0.2.10.10.1
-------------- next part --------------
Format: 1.8
Date: Mon, 03 Jan 2011 11:28:10 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.2.3-1ubuntu0.2.10.10.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
python-django - High-level Python web development framework
python-django-doc - High-level Python web development framework (documentation)
Changes:
python-django (1.2.3-1ubuntu0.2.10.10.1) maverick-security; urgency=low
.
* SECURITY UPDATE: information leak in admin interface
- debian/patches/07_security_admin_infoleak.diff: validate querystring
lookup arguments either specify only fields on the model being viewed,
or cross relations which have been explicitly whitelisted.
- CVE-2010-4534
* SECURITY UPDATE:
- debian/patches/08_security_pasword_reset_dos.diff: adjust
base36_to_int() function in django.utils.http will now validate the
length of its input; on input longer than 13 digits (sufficient to
base36-encode any 64-bit integer), it will now raise ValueError.
Additionally, the default URL patterns for django.contrib.auth will now
enforce a maximum length on the relevant parameters.
- CVE-2010-4535
Checksums-Sha1:
e750462e20204b4af1a7320c2129ccd3a4c8100a 2281 python-django_1.2.3-1ubuntu0.2.10.10.1.dsc
8bebc4f13271cefe4f5dc944e2ae415de4458b89 21609 python-django_1.2.3-1ubuntu0.2.10.10.1.debian.tar.gz
Checksums-Sha256:
32f851ecf60432da5fecd6f629cd93f7767f5efeab825cb41e972b150619acfa 2281 python-django_1.2.3-1ubuntu0.2.10.10.1.dsc
37e643997ad12006bd49e40319ad8c7f5c271f45b26c34a78ab0ca74a5c21e62 21609 python-django_1.2.3-1ubuntu0.2.10.10.1.debian.tar.gz
Files:
336e74a9d11c13359b9470dec5c4b89f 2281 python optional python-django_1.2.3-1ubuntu0.2.10.10.1.dsc
391d97abadfcdfcc723b47073359f885 21609 python optional python-django_1.2.3-1ubuntu0.2.10.10.1.debian.tar.gz
Original-Maintainer: Chris Lamb <lamby at debian.org>
More information about the Maverick-changes
mailing list