Publishing details

• Removed from disk on 2017-04-06.
• Removal requested on 2017-04-05.
• Superseded on 2017-04-04 by python-django - 1.8.7-1ubuntu8.2
• Published on 2016-11-01
• Copied from ubuntu yakkety in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

python-django (1.8.7-1ubuntu8.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: user with hardcoded password created when running
    tests on Oracle
    - debian/patches/CVE-2016-9013.patch: remove hardcoded password in
      django/db/backends/oracle/creation.py, added note to
      docs/ref/settings.txt.
    - CVE-2016-9013
  * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True
    - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in
      django/http/request.py, updated docs/ref/settings.txt, added test to
      tests/requests/tests.py.
    - CVE-2016-9014

 -- Marc Deslauriers <email address hidden>  Mon, 31 Oct 2016 09:22:27 -0400

Builds

• amd64

Package files

• python-django-common_1.8.7-1ubuntu8.1_all.deb (1.1 MiB)
• python-django-doc_1.8.7-1ubuntu8.1_all.deb (2.6 MiB)
• python-django_1.8.7-1ubuntu8.1.debian.tar.xz (36.1 KiB)
• python-django_1.8.7-1ubuntu8.1.dsc (2.7 KiB)
• python-django_1.8.7-1ubuntu8.1_all.deb (840.0 KiB)
• python-django_1.8.7.orig.tar.gz (6.9 MiB)
• python3-django_1.8.7-1ubuntu8.1_all.deb (822.9 KiB)