[Bug 1553251] Re: USN-2915-1 introduced a regression in is_safe_url()
Launchpad Bug Tracker
1553251 at bugs.launchpad.net
Mon Mar 7 12:44:34 UTC 2016
This bug was fixed in the package python-django - 1.6.1-2ubuntu0.13
---------------
python-django (1.6.1-2ubuntu0.13) trusty-security; urgency=medium
* SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
- debian/patches/CVE-2016-2512-regression.patch: force url to unicode
in django/utils/http.py, added test to
tests/utils_tests/test_http.py.
- CVE-2016-2512
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Fri, 04 Mar 2016
11:07:40 -0500
** Changed in: python-django (Ubuntu Trusty)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-django in Ubuntu.
https://bugs.launchpad.net/bugs/1553251
Title:
USN-2915-1 introduced a regression in is_safe_url()
To manage notifications about this bug go to:
https://bugs.launchpad.net/django/+bug/1553251/+subscriptions
More information about the Ubuntu-server-bugs
mailing list