python-django 1.3-2ubuntu1.1 source package in Ubuntu
Changelog
python-django (1.3-2ubuntu1.1) oneiric-security; urgency=low * SECURITY UPDATE: session manipulation when using django.contrib.sessions with memory-based sessions and caching - debian/patches/CVE-2011-4136.patch: use namespace of cache to store keys for session instead of root namespace - CVE-2011-4136 * SECURITY UPDATE: potential denial of service and information disclosure in URLField - debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by default and use a timeout if available. Also update to use a url opener that does not support local file access - CVE-2011-4137, CVE-2011-4138 * SECURITY UPDATE: potential cache-poisoning via crafted Host header - debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by default when constructing full URLs - CVE-2011-4139 * More information on these issues can be found at: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ -- Jamie Strandboge <email address hidden> Mon, 28 Nov 2011 15:58:45 -0600
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Oneiric
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
python-django_1.3.orig.tar.gz | 6.2 MiB | 7aeee5c80002ab81d4ebf5416292949ff46e1448d183a183fe05ff6344771c83 |
python-django_1.3-2ubuntu1.1.debian.tar.gz | 24.1 KiB | 8f83d0d1cf78f8efc8a6b04e62c56ae5932bd02fd515f0805305aeb3cf20c40d |
python-django_1.3-2ubuntu1.1.dsc | 2.2 KiB | 34338f88f5e0b8dd6f689e9f8330d34805ff001c9a00075af6e7f6d57380446e |
Available diffs
Binary packages built by this source
- python-django: No summary available for python-django in ubuntu oneiric.
No description available for python-django in ubuntu oneiric.
- python-django-doc: No summary available for python-django-doc in ubuntu oneiric.
No description available for python-django-doc in ubuntu oneiric.