[ubuntu/trusty-security] python-django 1.6.11-0ubuntu1.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Apr 4 17:01:14 UTC 2017
python-django (1.6.11-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: Open redirect and possible XSS attack via
user-supplied numeric redirect URLs
- debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
URLs in django/utils/http.py, added tests to
tests/utils_tests/test_http.py.
- CVE-2017-7233
* SECURITY UPDATE: Open redirect vulnerability in
django.views.static.serve()
- debian/patches/CVE-2017-7234.patch: remove redirect from
django/views/static.py.
- CVE-2017-7234
python-django (1.6.11-0ubuntu1) trusty; urgency=medium
* Update to final upstream 1.6 microrelease (LP: #1644346)
* Drop patches included upstream:
- debian/patches/07_translation_encoding_fix.diff, ticket21869.diff,
CVE-2014-0472.patch, CVE-2014-0473.patch, CVE-2014-0474.patch,
CVE-2014-0472-regression.patch, drop_fix_ie_for_vary_1_6.diff,
is_safe_url_1_6.diff, CVE-2014-0480.patch, CVE-2014-0481.patch,
CVE-2014-0482.patch, CVE-2014-0483.patch, CVE-2014-0483-bug23329.patch,
CVE-2014-0483-bug23431.patch, CVE-2015-0219.patch, CVE-2015-0220.patch,
CVE-2015-0221.patch, CVE-2015-0222.patch, CVE-2015-2316.patch, and
CVE-2015-2317.patch
Date: 2017-03-29 12:49:13.531881+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/1.6.11-0ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list