Publishing details

• Removed from disk on 2015-08-20.
• Removal requested on 2015-08-19.
• Superseded on 2015-08-18 by python-django - 1.7.6-1ubuntu2.2
• Published on 2015-07-09
• Copied from ubuntu vivid in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

python-django (1.7.6-1ubuntu2.1) vivid-security; urgency=medium

  * SECURITY UPDATE: denial of service via empty session records
    - debian/patches/CVE-2015-5143.patch: avoid creating a session record
      when loading the session in
      django/contrib/sessions/backends/cache.py,
      django/contrib/sessions/backends/cached_db.py,
      django/contrib/sessions/backends/db.py,
      django/contrib/sessions/backends/file.py,
      added test to django/contrib/sessions/tests.py.
    - CVE-2015-5143
  * SECURITY UPDATE: header injection via newlines
    - debian/patches/CVE-2015-5144.patch: check for newlines in
      django/core/validators.py, added tests to tests/validators/tests.py.
    - CVE-2015-5144

 -- Marc Deslauriers <email address hidden>  Thu, 02 Jul 2015 10:53:48 -0400

Builds

• amd64

Package files

• python-django-common_1.7.6-1ubuntu2.1_all.deb (1.4 MiB)
• python-django-doc_1.7.6-1ubuntu2.1_all.deb (2.4 MiB)
• python-django_1.7.6-1ubuntu2.1.debian.tar.xz (27.1 KiB)
• python-django_1.7.6-1ubuntu2.1.dsc (2.7 KiB)
• python-django_1.7.6-1ubuntu2.1_all.deb (955.7 KiB)
• python-django_1.7.6.orig.tar.gz (7.2 MiB)
• python3-django_1.7.6-1ubuntu2.1_all.deb (939.5 KiB)