Publishing details

Published on 2017-04-04
Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

python-django (1.3.1-4ubuntu1.23) precise-security; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/regressiontests/utils/http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234

 -- Marc Deslauriers <email address hidden>  Wed, 29 Mar 2017 07:49:05 -0400

Available diffs

diff from 1.3.1-4ubuntu1.22 to 1.3.1-4ubuntu1.23 (3.0 KiB)

Builds

i386

Built packages

python-django High-level Python web development framework

python-django-doc High-level Python web development framework (documentation)

Package files

python-django-doc_1.3.1-4ubuntu1.23_all.deb (2.0 MiB)
python-django_1.3.1-4ubuntu1.23.debian.tar.gz (94.7 KiB)
python-django_1.3.1-4ubuntu1.23.dsc (2.2 KiB)
python-django_1.3.1-4ubuntu1.23_all.deb (4.1 MiB)
python-django_1.3.1.orig.tar.gz (6.2 MiB)