[ubuntu/saucy-updates] python-django 1.5.4-1ubuntu1.3 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu May 15 01:28:23 UTC 2014
python-django (1.5.4-1ubuntu1.3) saucy-security; urgency=medium
* SECURITY UPDATE: cache coherency problems in old Internet Explorer
compatibility functions lead to loss of privacy and cache poisoning
attacks. (LP: #1317663)
- debian/patches/drop_fix_ie_for_vary_1_5.diff: remove fix_IE_for_vary()
and fix_IE_for_attach() functions so Cache-Control and Vary headers are
no longer modified. This may introduce some regressions for IE 6 and IE 7
users. Patch from upstream.
- CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
some malformed URLs, which are accepted by some browsers. This allows a
user to be redirected to an unsafe URL unexpectedly.
- debian/patches/is_safe_url_1_5.diff: Forbid URLs starting with '///',
forbid URLs without a host but with a path. Patch from upstream.
Date: 2014-05-14 19:22:17.896378+00:00
Changed-By: Seth Arnold <seth.arnold at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/saucy/+source/python-django/1.5.4-1ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Saucy-changes
mailing list