[ubuntu/vivid-proposed] python-django16 1.6.6-1ubuntu5 (Accepted)

Andres Rodriguez andreserl at ubuntu.com
Mon Mar 23 21:01:15 UTC 2015


python-django16 (1.6.6-1ubuntu5) vivid; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial-of-service possibility with strip_tags
    - debian/patches/CVE-2015-2316.patch: fix infinite loop possibility
      in django/utils/html.py, added test to
      tests/utils_tests/test_html.py.
    - CVE-2015-2316
  * SECURITY UPDATE: XSS attack via user-supplied redirect URLs
    - debian/patches/CVE-2015-2317.patch: reject URLs that start with
      control characters in django/utils/http.py, added test to
      tests/utils_tests/test_http.py.
    - CVE-2015-2317

Date: Mon, 23 Mar 2015 16:49:34 -0400
Changed-By: Andres Rodriguez <andreserl at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django16/1.6.6-1ubuntu5
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Mar 2015 16:49:34 -0400
Source: python-django16
Binary: python-django16
Architecture: source
Version: 1.6.6-1ubuntu5
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andres Rodriguez <andreserl at ubuntu.com>
Description: 
 python-django16 - High-level Python web development framework
Changes: 
 python-django16 (1.6.6-1ubuntu5) vivid; urgency=medium
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: denial-of-service possibility with strip_tags
     - debian/patches/CVE-2015-2316.patch: fix infinite loop possibility
       in django/utils/html.py, added test to
       tests/utils_tests/test_html.py.
     - CVE-2015-2316
   * SECURITY UPDATE: XSS attack via user-supplied redirect URLs
     - debian/patches/CVE-2015-2317.patch: reject URLs that start with
       control characters in django/utils/http.py, added test to
       tests/utils_tests/test_http.py.
     - CVE-2015-2317
Checksums-Sha1: 
 5bc2e5f515dbdeeffefdb24135565e9e99e70c74 2318 python-django16_1.6.6-1ubuntu5.dsc
 5edb7126a04970afafc3add80cfd1f3f4dc05620 31072 python-django16_1.6.6-1ubuntu5.debian.tar.gz
Checksums-Sha256: 
 8128ef132f4c31b61893a39ce494489382401ff1adc6b57fc8435816dd963d64 2318 python-django16_1.6.6-1ubuntu5.dsc
 ffd7442ce9c7c6f98bd9efbf05d2ba7e08d38355c00061a0f257e6d9ea2b821c 31072 python-django16_1.6.6-1ubuntu5.debian.tar.gz
Files: 
 86341a610f8318bf517c4bf945e24b05 2318 python optional python-django16_1.6.6-1ubuntu5.dsc
 ad59ef4162ae078ce86f178e325c8a25 31072 python optional python-django16_1.6.6-1ubuntu5.debian.tar.gz
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
