[ubuntu/zesty-proposed] python-django 1.8.7-1ubuntu9 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Nov 1 19:05:19 UTC 2016 

python-django (1.8.7-1ubuntu9) zesty; urgency=medium

  * SECURITY UPDATE: user with hardcoded password created when running
    tests on Oracle
    - debian/patches/CVE-2016-9013.patch: remove hardcoded password in
      django/db/backends/oracle/creation.py, added note to
      docs/ref/settings.txt.
    - CVE-2016-9013
  * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True
    - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in
      django/http/request.py, updated docs/ref/settings.txt, added test to
      tests/requests/tests.py.
    - CVE-2016-9014

Date: Tue, 01 Nov 2016 14:46:03 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu9
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Nov 2016 14:46:03 -0400
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source
Version: 1.8.7-1ubuntu9
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Changes:
 python-django (1.8.7-1ubuntu9) zesty; urgency=medium
 .
   * SECURITY UPDATE: user with hardcoded password created when running
     tests on Oracle
     - debian/patches/CVE-2016-9013.patch: remove hardcoded password in
       django/db/backends/oracle/creation.py, added note to
       docs/ref/settings.txt.
     - CVE-2016-9013
   * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True
     - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in
       django/http/request.py, updated docs/ref/settings.txt, added test to
       tests/requests/tests.py.
     - CVE-2016-9014
Checksums-Sha1:
 9199d5f66cf8c93b410a89bce536871d964adcb3 2787 python-django_1.8.7-1ubuntu9.dsc
 eec97934abb2930eda8d12981e7d6b26b366adfe 36956 python-django_1.8.7-1ubuntu9.debian.tar.xz
Checksums-Sha256:
 f829e41f9c49ccb27bd5ad2850aae63d7b5ce4fb248f8ccf12f6d614bb64ced4 2787 python-django_1.8.7-1ubuntu9.dsc
 bd1c75cbc3d1fdd14e5078a818fec3b94a84eed4162bfb62f5bd1a780c0b8803 36956 python-django_1.8.7-1ubuntu9.debian.tar.xz
Files:
 0c92e612f821abb8ff229e16f48867ee 2787 python optional python-django_1.8.7-1ubuntu9.dsc
 416b6bb8e88e403795ab2dd2f811f201 36956 python optional python-django_1.8.7-1ubuntu9.debian.tar.xz
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJYGOagAAoJEGVp2FWnRL6TNdkP/ihqVnYcB9ICamXNlECzi8V/
Nqgh7PtIwB1tXkC7KSNYfocVXI1Xkmo6p6MUUIrFtavGCVC7DSyiPzfWmBu/7q5s
UG8Vf7NtFnZJsBUIcYG2Bxxg3B9QRV+N6xEQMWDDKpD8SORFrfNN7jhsDbAN5g7E
BKNz04j3MBZqNfyKwTq/oPYHqxD4H1qyFnHsEM3AZVlkD95Tr21vEwPcvQQMetaO
G8lT4xUS3L56QbRvvyFeO4CUtkc6sLGGLXYtyWUXxqA0Kfqko9BPLdV6Y4uQuRj9
A5pcGJyzTt1KWcL26UWRlGRhoBiJSuo3VQH8yPc6wS21rk2mf/ch/uUAAAmo2FLs
W2RO7LcKPkiN8E1q2DbQEg4ljVcxFxlZzi/nDOGMCFGyq6B6zoYCBRo6vT9DJiIE
XTDcqJIWQ5nqNOhh5vehCq+/+9pc1cxcz1a0OU2ZSa+UBfkhe/nRjrX/KALz2u9K
CAr4ZXw88XpWjUhYTVGgt+89vITMdPyXN0zbYDjcoRD25MEVUMmxAkl0rl6gw477
hZxHD3YKLpn5Gn7vZENMapzfECL5/pG/lFMguEf7cryGIU1r4eNlXFTJ3jMyyzeU
y+tIwK4iWEunNMz6FGu5tIXZLYWZzLS1qE34UFpZj33M9oMsNkOLSeS2TpIZ2m0b
kUbCdg1KolrFoRSYOL+A
=hN3h
-----END PGP SIGNATURE-----

More information about the Zesty-changes mailing list