[ubuntu/zesty-proposed] python-django 1.8.7-1ubuntu11 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Apr 5 09:47:22 UTC 2017


python-django (1.8.7-1ubuntu11) zesty; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/utils_tests/test_http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234

Date: Mon, 03 Apr 2017 10:32:55 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu11
-------------- next part --------------
Format: 1.8
Date: Mon, 03 Apr 2017 10:32:55 -0400
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source
Version: 1.8.7-1ubuntu11
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Changes:
 python-django (1.8.7-1ubuntu11) zesty; urgency=medium
 .
   * SECURITY UPDATE: Open redirect and possible XSS attack via
     user-supplied numeric redirect URLs
     - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
       URLs in django/utils/http.py, added tests to
       tests/utils_tests/test_http.py.
     - CVE-2017-7233
   * SECURITY UPDATE: Open redirect vulnerability in
     django.views.static.serve()
     - debian/patches/CVE-2017-7234.patch: remove redirect from
       django/views/static.py.
     - CVE-2017-7234
Checksums-Sha1:
 a29397068dea339abd3275fd17fb63f25a6c11ab 2791 python-django_1.8.7-1ubuntu11.dsc
 3d07061ed1ebba3a23be5984c51611caf5017811 39664 python-django_1.8.7-1ubuntu11.debian.tar.xz
Checksums-Sha256:
 4c5d49b08b231e8e73c9c03f3c0249982136a40f7014176c9ae8ec7050008284 2791 python-django_1.8.7-1ubuntu11.dsc
 699c23a4a433f56ab9bb2d3df299d8d38b20e09d7bd868f3946ff260b2038715 39664 python-django_1.8.7-1ubuntu11.debian.tar.xz
Files:
 a8f88a319ea96322241cd879b0ac0d51 2791 python optional python-django_1.8.7-1ubuntu11.dsc
 ebd3ab16ed21c9bc92775d0cc446b8b3 39664 python optional python-django_1.8.7-1ubuntu11.debian.tar.xz
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>

