[ubuntu/quantal-updates] python-django 1.4.1-2ubuntu0.4 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Sep 24 15:58:25 UTC 2013
python-django (1.4.1-2ubuntu0.4) quantal-security; urgency=low
* SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
- debian/patches/CVE-2013-1443.patch: enforce a maximum password length
in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
django/contrib/auth/tests/hashers.py.
- CVE-2013-1443
* SECURITY UPDATE: directory traversal with ssi template tag
- debian/patches/CVE-2013-4315.patch: properly check absolute path in
django/template/defaulttags.py,
tests/regressiontests/templates/tests.py.
- CVE-2013-4315
* SECURITY UPDATE: possible XSS via is_safe_url
- debian/patches/security-is_safe_url.patch: properly reject URLs which
specify a scheme other then HTTP or HTTPS.
- https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
- No CVE number
* debian/patches/fix-validation-tests.patch: fix regression in tests
since example.com is now available via https.
Date: 2013-09-20 14:21:14.037743+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/quantal/+source/python-django/1.4.1-2ubuntu0.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Quantal-changes
mailing list