python-django 1.1.1-2ubuntu1.14 source package in Ubuntu
Changelog
python-django (1.1.1-2ubuntu1.14) lucid-security; urgency=medium
* SECURITY UPDATE: WSGI header spoofing via underscore/dash conflation
- debian/patches/CVE-2015-0219.patch: strip headers with underscores in
django/core/servers/basehttp.py, added test to
tests/regressiontests/servers/tests.py.
- CVE-2015-0219
* SECURITY UPDATE: Mitigated possible XSS attack via user-supplied
redirect URLs
- debian/patches/CVE-2015-0220.patch: filter url in
django/utils/http.py.
- CVE-2015-0220
* SECURITY UPDATE: Denial-of-service attack against
django.views.static.serve
- debian/patches/CVE-2015-0221.patch: limit large files in
django/views/static.py, added test to
tests/regressiontests/views/media/long-line.txt,
tests/regressiontests/views/tests/static.py.
- CVE-2015-0221
-- Marc Deslauriers <email address hidden> Tue, 13 Jan 2015 08:14:45 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Lucid
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-django_1.1.1.orig.tar.gz | 5.4 MiB | d65b18319496fc4923b37fdb736e5ba1a90a3a18e2d7eaac7f3ad30738d1f6e4 |
| python-django_1.1.1-2ubuntu1.14.diff.gz | 86.8 KiB | 42141ea7f82e38801a353809aff4f366022c12f1ffe8427eaffa0d95e6013cb9 |
| python-django_1.1.1-2ubuntu1.14.dsc | 2.2 KiB | f0fab5c0cb653a0146b7e347b80c224768a143f03b71c7d0ba8e51dbf7b855cf |
Available diffs
Binary packages built by this source
- python-django: No summary available for python-django in ubuntu lucid.
No description available for python-django in ubuntu lucid.
- python-django-doc: No summary available for python-django-doc in ubuntu lucid.
No description available for python-django-doc in ubuntu lucid.
