[Bug 1323929] Re: Sync python-django 1.6.5-1 (main) from Debian sid (main)
Daniel Holbach
daniel.holbach at ubuntu.com
Wed May 28 07:13:32 UTC 2014
This bug was fixed in the package python-django - 1.6.5-1
Sponsored for Andrew Starr-Bochicchio (andrewsomething)
---------------
python-django (1.6.5-1) unstable; urgency=high
* New upstream security release.
- Caches may be allowed to store and serve private data (CVE-2014-1418)
- Malformed URLs from user input incorrectly validated
* Drop partial_functions_reverse.patch (merged upstream).
-- Raphaël Hertzog <hertzog at debian.org> Wed, 14 May 2014 22:49:59
+0200
python-django (1.6.3-2) unstable; urgency=high
* Fix regression of reverse() and partial views. (LP: #1311433)
Thanks Preston Timmons.
-- Luke Faraone <lfaraone at debian.org> Tue, 22 Apr 2014 20:44:18 -0700
python-django (1.6.3-1) unstable; urgency=high
* New upstream security release.
- Unexpected code execution using ``reverse()``
- CVE-2014-0472
- Caching of anonymous pages could reveal CSRF token
- CVE-2014-0473
- MySQL typecasting could result in unexpected matches
- CVE-2014-0474
* Drop patches 07_translation_encoding_fix and ticket21869.diff; merged
upstream
-- Luke Faraone <lfaraone at debian.org> Mon, 21 Apr 2014 16:47:14 -0700
** Changed in: python-django (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0472
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0473
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0474
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1418
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1323929
Title:
Sync python-django 1.6.5-1 (main) from Debian sid (main)
Status in “python-django” package in Ubuntu:
Fix Released
Bug description:
Please sync python-django 1.6.5-1 (main) from Debian sid (main)
Explanation of the Ubuntu delta and why it can be dropped:
All Ubuntu patches are backports from upstream. This release contains
them all.
Changelog entries since current utopic version 1.6.1-2ubuntu0.3:
python-django (1.6.5-1) unstable; urgency=high
* New upstream security release.
- Caches may be allowed to store and serve private data (CVE-2014-1418)
- Malformed URLs from user input incorrectly validated
* Drop partial_functions_reverse.patch (merged upstream).
-- Raphaël Hertzog <hertzog at debian.org> Wed, 14 May 2014 22:49:59
+0200
python-django (1.6.3-2) unstable; urgency=high
* Fix regression of reverse() and partial views. (LP: #1311433)
Thanks Preston Timmons.
-- Luke Faraone <lfaraone at debian.org> Tue, 22 Apr 2014 20:44:18
-0700
python-django (1.6.3-1) unstable; urgency=high
* New upstream security release.
- Unexpected code execution using ``reverse()``
- CVE-2014-0472
- Caching of anonymous pages could reveal CSRF token
- CVE-2014-0473
- MySQL typecasting could result in unexpected matches
- CVE-2014-0474
* Drop patches 07_translation_encoding_fix and ticket21869.diff; merged
upstream
-- Luke Faraone <lfaraone at debian.org> Mon, 21 Apr 2014 16:47:14
-0700
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1323929/+subscriptions
More information about the Ubuntu-sponsors
mailing list