[ubuntu/vivid-proposed] python-django 1.7.6-1ubuntu2 (Accepted)

[Marc Deslauriers]

python-django (1.7.6-1ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: denial-of-service possibility with strip_tags
    - debian/patches/CVE-2015-2316.patch: fix infinite loop possibility
      in django/utils/html.py, added test to
      tests/utils_tests/test_html.py.
    - CVE-2015-2316
  * SECURITY UPDATE: XSS attack via user-supplied redirect URLs
    - debian/patches/CVE-2015-2317.patch: reject URLs that start with
      control characters in django/utils/http.py, added test to
      tests/utils_tests/test_http.py.
    - CVE-2015-2317

Date: Fri, 20 Mar 2015 10:18:12 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/1.7.6-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Mar 2015 10:18:12 -0400
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source
Version: 1.7.6-1ubuntu2
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Changes:
 python-django (1.7.6-1ubuntu2) vivid; urgency=medium
 .
   * SECURITY UPDATE: denial-of-service possibility with strip_tags
     - debian/patches/CVE-2015-2316.patch: fix infinite loop possibility
       in django/utils/html.py, added test to
       tests/utils_tests/test_html.py.
     - CVE-2015-2316
   * SECURITY UPDATE: XSS attack via user-supplied redirect URLs
     - debian/patches/CVE-2015-2317.patch: reject URLs that start with
       control characters in django/utils/http.py, added test to
       tests/utils_tests/test_http.py.
     - CVE-2015-2317
Checksums-Sha1:
 35e2979950d38ba17fa46fbaecabdceef2eff75f 2729 python-django_1.7.6-1ubuntu2.dsc
 924b934dabc8fc09d7744c21fd9cb46dd7a9a4b9 24588 python-django_1.7.6-1ubuntu2.debian.tar.xz
Checksums-Sha256:
 19ea13fc608623720f0aed2497be322076605aa3adf9dd0bdf9299bc94811d4e 2729 python-django_1.7.6-1ubuntu2.dsc
 c7304caacc0669165b439ddea73e317c9e6a85c3970daac35d6cce13c7c9a553 24588 python-django_1.7.6-1ubuntu2.debian.tar.xz
Files:
 07a5b757fc22ddd4277dfd2e61197624 2729 python optional python-django_1.7.6-1ubuntu2.dsc
 b64214c651f56b29dfc03f730d85807b 24588 python optional python-django_1.7.6-1ubuntu2.debian.tar.xz
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVDDo8AAoJEGVp2FWnRL6TBAcQAKY/lhmetYoL2G3B7EWSUbek
BcMOyMfJlsZTHKIDL612SQ+GBzE2kFYD1H3Tb0ABeIwROqjxrRHDYatd42yP6fV2
oX10nxGIxyPbq4XTZ7k2chLVehoPbgGAnT+bz/Sb5ksB3LisBwgUXwkyiX/zxkaS
yDBfAYIUwahZyVtuYlSMP2wJRxcODfnRnf8TquOQpAUw59KPAbrIVLEbUCZ8pFXX
RDikMYo+6PLwxDkINjoYiPwIQiT2BzNNre/CwkaPmyVrjNSyB91Q7tUsayuHwHSm
vffIUnWjqCBNop1bInT8nABPqELIDzzhlj4B4zaFdFvbnto6KPf0p0cuQ7l4r4sw
v3lk6c1086ywmzaVcRgSv/m+ETz2yinotFV0A83qVmIUEm3/aOkK9bdmiFFtitoS
Ge/+d93K5O+OlbTBxfuk9KUeucWbWr9vvW+81o3Hj7eI5sS7sYFqgdq7M23Ox4ZL
e5Bz40sjHq4/TWPdg1NSFLX/aetLspES71AG7spOLBc991Lq7br8YQRUj2QQeFlZ
sevg+NhlGsn+UZvTRIpuJSYU4MytI1AF+nrzU55aqbAVUnjdOmQhJW7JoImU46uA
4kcOPaDd2kWnDTnMaamNQIT2p6e+eiVhy2uQ9WW1mnKKYqO5HQMPMPhdLKIbtcXc
g3kiPAAlkNTzvHnToYUf
=FSNz
-----END PGP SIGNATURE-----