[ubuntu/precise-security] python-django 1.3.1-4ubuntu1.8 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Sep 24 15:35:35 UTC 2013
python-django (1.3.1-4ubuntu1.8) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
    - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
      in django/contrib/auth/forms.py, django/contrib/auth/models.py,
      django/contrib/auth/tests/basic.py.
    - CVE-2013-1443
  * SECURITY UPDATE: directory traversal with ssi template tag
    - debian/patches/CVE-2013-4315.patch: properly check absolute path in
      django/template/defaulttags.py,
      tests/regressiontests/templates/tests.py.
    - CVE-2013-4315
  * SECURITY UPDATE: possible XSS via is_safe_url
    - debian/patches/security-is_safe_url.patch: properly reject URLs which
      specify a scheme other than HTTP or HTTPS.
    - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
    - No CVE number

python-django (1.3.1-4ubuntu1.7) precise-proposed; urgency=low

  [ Julian Edwards ]
  * debian/patches:
    - prefetch_related.diff: Backport prefetch_related from 1.4 (LP: #1081388)
    - bug15496-base64-multipart-fix.diff: Include fix for upstream bug #15496
      which makes 'Content-Transfer-Encoding: base64' work for multipart
      messages. (LP: #1081392)

Date: 2013-09-20 14:40:18.904344+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/precise/+source/python-django/1.3.1-4ubuntu1.8