Publishing details

• Removed from disk on 2014-04-23.
• Removal requested on 2014-04-23.
• Superseded on 2014-04-22 by python-django - 1.1.1-2ubuntu1.10
• Published on 2013-09-24
• Copied from ubuntu lucid in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

python-django (1.1.1-2ubuntu1.9) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
    - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
      in django/contrib/auth/forms.py, django/contrib/auth/models.py,
      django/contrib/auth/tests/basic.py.
    - CVE-2013-1443
  * SECURITY UPDATE: directory traversal with ssi template tag
    - debian/patches/CVE-2013-4315.patch: properly check absolute path in
      django/template/defaulttags.py,
      tests/regressiontests/templates/tests.py,
      tests/regressiontests/templates/templates/*.
    - CVE-2013-4315
  * SECURITY UPDATE: possible XSS via is_safe_url
    - debian/patches/security-is_safe_url.patch: properly reject URLs which
      specify a scheme other then HTTP or HTTPS.
    - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
    - No CVE number
 -- Marc Deslauriers <email address hidden>   Fri, 20 Sep 2013 09:33:23 -0400

Builds

• i386

Package files

• python-django-doc_1.1.1-2ubuntu1.9_all.deb (1.5 MiB)
• python-django_1.1.1-2ubuntu1.9.diff.gz (68.2 KiB)
• python-django_1.1.1-2ubuntu1.9.dsc (2.2 KiB)
• python-django_1.1.1-2ubuntu1.9_all.deb (3.7 MiB)
• python-django_1.1.1.orig.tar.gz (5.4 MiB)