[ubuntu/trusty-updates] python-django 1.6.11-0ubuntu1.1 (Accepted)

[Ubuntu Archive Robot]

python-django (1.6.11-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/utils_tests/test_http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234

Date: 2017-03-29 12:49:13.531881+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/python-django/1.6.11-0ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.