Copied from
ubuntu trusty in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
python-django (1.6.1-2ubuntu0.8) trusty-security; urgency=medium
* SECURITY UPDATE: denial-of-service possibility with strip_tags
- debian/patches/CVE-2015-2316.patch: improve and fix infinite loop
possibility in django/utils/html.py, added tests to
tests/utils_tests/test_html.py, clarified documentation in
docs/ref/templates/builtins.txt, docs/ref/utils.txt.
- CVE-2015-2316
* SECURITY UPDATE: XSS attack via user-supplied redirect URLs
- debian/patches/CVE-2015-2317.patch: reject URLs that start with
control characters in django/utils/http.py, added test to
tests/utils_tests/test_http.py.
- CVE-2015-2317
-- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 10:34:50 -0400