[ubuntu/natty] python-django 1.2.3-1ubuntu0.2.11.04.1 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Mon Jan 3 18:15:29 UTC 2011

python-django (1.2.3-1ubuntu0.2.11.04.1) natty; urgency=low

  * SECURITY UPDATE: information leak in admin interface
    - debian/patches/07_security_admin_infoleak.diff: validate querystring
      lookup arguments either specify only fields on the model being viewed,
      or cross relations which have been explicitly whitelisted.
    - CVE-2010-XXXX
  * SECURITY UPDATE:
    - debian/patches/08_security_pasword_reset_dos.diff: adjust
      base36_to_int() function in django.utils.http will now validate the
      length of its input; on input longer than 13 digits (sufficient to
      base36-encode any 64-bit integer), it will now raise ValueError.
      Additionally, the default URL patterns for django.contrib.auth will now
      enforce a maximum length on the relevant parameters.
    - CVE-2010-XXXX

Date: Mon, 03 Jan 2011 10:12:39 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/python-django/1.2.3-1ubuntu0.2.11.04.1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 03 Jan 2011 10:12:39 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.2.3-1ubuntu0.2.11.04.1
Distribution: natty
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
python-django - High-level Python web development framework
python-django-doc - High-level Python web development framework (documentation)
Changes:
python-django (1.2.3-1ubuntu0.2.11.04.1) natty; urgency=low
.
* SECURITY UPDATE: information leak in admin interface
- debian/patches/07_security_admin_infoleak.diff: validate querystring
lookup arguments either specify only fields on the model being viewed,
or cross relations which have been explicitly whitelisted.
- CVE-2010-XXXX
* SECURITY UPDATE:
- debian/patches/08_security_pasword_reset_dos.diff: adjust
base36_to_int() function in django.utils.http will now validate the
length of its input; on input longer than 13 digits (sufficient to
base36-encode any 64-bit integer), it will now raise ValueError.
Additionally, the default URL patterns for django.contrib.auth will now
enforce a maximum length on the relevant parameters.
- CVE-2010-XXXX
Checksums-Sha1:
eb2ba0e51b5b5b8f9ac19af8c3f2277557f04c5a 2281 python-django_1.2.3-1ubuntu0.2.11.04.1.dsc
605e1ab4e8079f9c3d177a32eb16071246dee521 21736 python-django_1.2.3-1ubuntu0.2.11.04.1.debian.tar.gz
Checksums-Sha256:
2d318b66a8db73905941a592b360c1a2fc034fe2827f5ec5a322278c5b011d5a 2281 python-django_1.2.3-1ubuntu0.2.11.04.1.dsc
336fc9693d403e936d8cc113734dc7f19d4971ccce3b10e67a8c13f04a84c099 21736 python-django_1.2.3-1ubuntu0.2.11.04.1.debian.tar.gz
Files:
76c55c4e8fa42781da4366b971cc6bce 2281 python optional python-django_1.2.3-1ubuntu0.2.11.04.1.dsc
72a7b32e47dac8597ad68cd8cbbb93a4 21736 python optional python-django_1.2.3-1ubuntu0.2.11.04.1.debian.tar.gz
Original-Maintainer: Chris Lamb <lamby at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
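
The length check the changelog describes for base36_to_int(), together with a length-capped URL parameter, as an added example; this is not the code from the Django or Ubuntu patch. It assumes Python 3, and the names RESET_PATH_RE, parse_reset_path and min_digits_for_bits, the route shape and the 40-character token cap are hypothetical; the ASCII alphabet check goes beyond what the changelog states.

```python
import re

MAX_BASE36_DIGITS = 13  # limit stated in the changelog entry
_DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"
# ASCII-only alphabet plus length cap, checked before int() sees the input.
_BASE36_RE = re.compile(r"[0-9A-Za-z]{1,%d}" % MAX_BASE36_DIGITS)
# Hypothetical reset route: both captured parameters carry a maximum length.
RESET_PATH_RE = re.compile(
    r"reset/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z-]{1,40})/")


def min_digits_for_bits(bits, base=36):
    """Smallest n with base**n > 2**bits - 1, i.e. digits needed for any value."""
    n, largest = 1, (1 << bits) - 1
    while base ** n <= largest:
        n += 1
    return n


def int_to_base36(value):
    """Encode a non-negative int as lowercase base36."""
    if value < 0:
        raise ValueError("negative values are not supported")
    out = ""
    while True:
        value, rem = divmod(value, 36)
        out = _DIGITS[rem] + out
        if value == 0:
            return out


def base36_to_int(text):
    """Decode base36, raising ValueError on oversized or non-alphabet input."""
    if not isinstance(text, str) or _BASE36_RE.fullmatch(text) is None:
        raise ValueError("expected 1-13 base36 digits")
    return int(text, 36)


def parse_reset_path(path):
    """Return (user_id, token), or None when the path exceeds the caps."""
    match = RESET_PATH_RE.fullmatch(path)
    if match is None:
        return None
    return base36_to_int(match.group("uidb36")), match.group("token")


if __name__ == "__main__":
    print(min_digits_for_bits(64))                          # digits for 64 bits
    print(base36_to_int(int_to_base36(2**64 - 1)) == 2**64 - 1)
    print(parse_reset_path("reset/" + "z" * 5000 + "-tok/"))  # constructed input
```

With the cap in the URL pattern, an oversized parameter is rejected at routing and never reaches the integer conversion; the check inside base36_to_int() covers callers that bypass the route.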