[ubuntu/xenial-proposed] python-django 1.8.7-1ubuntu2 (Accepted)

[Marc Deslauriers]

python-django (1.8.7-1ubuntu2) xenial; urgency=medium

  * SECURITY UPDATE: malicious redirect and possible XSS attack via
    user-supplied redirect URLs containing basic auth
    - debian/patches/CVE-2016-2512.patch: prevent spoofing in
      django/utils/http.py, added test to tests/utils_tests/test_http.py.
    - CVE-2016-2512
  * SECURITY UPDATE: user enumeration through timing difference on password
    hasher work factor upgrade
    - debian/patches/CVE-2016-2513.patch: fix timing in
      django/contrib/auth/hashers.py, added note to
      docs/topics/auth/passwords.txt, added tests to
      tests/auth_tests/test_hashers.py.
    - CVE-2016-2513

Date: Thu, 25 Feb 2016 10:02:48 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 25 Feb 2016 10:02:48 -0500
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source
Version: 1.8.7-1ubuntu2
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Changes:
 python-django (1.8.7-1ubuntu2) xenial; urgency=medium
 .
   * SECURITY UPDATE: malicious redirect and possible XSS attack via
     user-supplied redirect URLs containing basic auth
     - debian/patches/CVE-2016-2512.patch: prevent spoofing in
       django/utils/http.py, added test to tests/utils_tests/test_http.py.
     - CVE-2016-2512
   * SECURITY UPDATE: user enumeration through timing difference on password
     hasher work factor upgrade
     - debian/patches/CVE-2016-2513.patch: fix timing in
       django/contrib/auth/hashers.py, added note to
       docs/topics/auth/passwords.txt, added tests to
       tests/auth_tests/test_hashers.py.
     - CVE-2016-2513
Checksums-Sha1:
 9648adeebaec8ed8a8f59932a45b97ef9b4143d6 2787 python-django_1.8.7-1ubuntu2.dsc
 fcfc2c3cfb98870b105d6f1402da6c3e4ffeafe4 29452 python-django_1.8.7-1ubuntu2.debian.tar.xz
Checksums-Sha256:
 3281b551630e5204f0054b3647f616395d87f49b8fac8520c32d5a55f474ca75 2787 python-django_1.8.7-1ubuntu2.dsc
 459e9a65c16bdcf76de4f2efb822ee3cfe16ca1f2a58d47ac16e28a36dfc1f66 29452 python-django_1.8.7-1ubuntu2.debian.tar.xz
Files:
 ff9897ac48d2f2925305f7787d257609 2787 python optional python-django_1.8.7-1ubuntu2.dsc
 47255d928d69837a8efc78d18ab70ec6 29452 python optional python-django_1.8.7-1ubuntu2.debian.tar.xz
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW1ebqAAoJEGVp2FWnRL6TRHcP/3fSDnnnEEU8ttJ96tQreBSP
UoPl+efayQYOAhO2Nyi0VfKvLLNfZg9ULiWsAJiXmYjCc9PkwKbAmJ3GGYWUmzdt
ypJ3oaHUodxRhLzXAeMvfU4IMiGMyw4Ht0MF2uM7FJKv9gyQnlG/7sL5L9XXTvtr
RU6HMoUVswLDi3ghn2tz0bG6ntdvbEshPBGYNgPpp4REeUTK3iK8edLtQO8BHkLE
+YMT2PCXGxS7EN1zk8xPhV7tSbCQJNSctMjTX5d39N3jf5ynuqDBDm+8t1VPvEcH
DxG2uoMbOejYpG0c7mmdjyQ2U7Ay0bjbq0NwS6S9LV4SZHh8Y3WpkP3EGJFvGTkX
p/oA23kxKaMUQU6WjNBtiH7DIDp1lwN5P6qwc/4pjr+5kib01hU+SMPa3dtGVjJs
/mx8wGQVO4NW4RbUQqoN+YPR//yir95ruGi1i1YcLRUndjNuhn5gMtnpQvP4YxBC
j6fw7MZF8/h9OPNyXuSvb01IY0WAygHM4nxLZeVp5comVbFeS4zNUa8a2y0dqKyi
toPm4KQHJhIaDn4jLstKA2kNsB//vSCdjiwg8BdWc4SXGFJAOdPhbBBWDhAQF9is
SZXAPY9ImmrlB+DbGvZtr/wpsbPf9ISyefkYIAtTeuS/3pSrdPPG5WIWjauvh9fU
8gvCBAMa4d3eyM04KqT9
=XY/W
-----END PGP SIGNATURE-----