python-django 1.4.1-2ubuntu0.7 source package in Ubuntu
Changelog
python-django (1.4.1-2ubuntu0.7) quantal-security; urgency=medium
* SECURITY UPDATE: cache coherency problems in old Internet Explorer
compatibility functions lead to loss of privacy and cache poisoning
attacks. (LP: #1317663)
- debian/patches/drop_fix_ie_for_vary_1_4.diff: remove fix_IE_for_vary()
and fix_IE_for_attach() functions so Cache-Control and Vary headers are
no longer modified. This may introduce some regressions for IE 6 and IE 7
users. Patch from upstream.
- CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
some malformed URLs, which are accepted by some browsers. This allows a
user to be redirected to an unsafe URL unexpectedly.
- debian/patches/is_safe_url_1_4.diff: Forbid URLs starting with '///',
forbid URLs without a host but with a path. Patch from upstream.
-- Seth Arnold <email address hidden> Wed, 14 May 2014 11:05:38 -0700
Upload details
- Uploaded by:
- Seth Arnold
- Uploaded to:
- Quantal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-django_1.4.1.orig.tar.gz | 7.3 MiB | 4d8d20eba350d3d29613cc5a6302d5c23730c7f9e150985bc58b3175b755409b |
| python-django_1.4.1-2ubuntu0.7.debian.tar.gz | 57.1 KiB | d9cf4f36dddb4537d5efbcc301039f521b53c30324ba397d0b1020b5ec8de7c7 |
| python-django_1.4.1-2ubuntu0.7.dsc | 1.9 KiB | c19345f6ef0313d02acf022e6c29271a75233609ce87e2662c8a11fe320db7f2 |
Available diffs
Binary packages built by this source
- python-django: No summary available for python-django in ubuntu quantal.
No description available for python-django in ubuntu quantal.
- python-django-doc: No summary available for python-django-doc in ubuntu quantal.
No description available for python-django-doc in ubuntu quantal.
