python-django 1.1.1-2ubuntu1.4 source package in Ubuntu
Changelog
python-django (1.1.1-2ubuntu1.4) lucid-security; urgency=low
* SECURITY UPDATE: session manipulation when using django.contrib.sessions
with memory-based sessions and caching
- debian/patches/CVE-2011-4136.patch: use namespace of cache to store keys
for session instead of root namespace
- CVE-2011-4136
* SECURITY UPDATE: potential denial of service and information disclosure in
URLField
- debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by
default and use a timeout if available.
- CVE-2011-4137, CVE-2011-4138
* SECURITY UPDATE: potential cache-poisoning via crafted Host header
- debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by
default when constructing full URLs
- CVE-2011-4139
* More information on these issues can be found at:
https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
-- Jamie Strandboge <email address hidden> Wed, 07 Dec 2011 16:02:57 -0600
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Lucid
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-django_1.1.1.orig.tar.gz | 5.4 MiB | d65b18319496fc4923b37fdb736e5ba1a90a3a18e2d7eaac7f3ad30738d1f6e4 |
| python-django_1.1.1-2ubuntu1.4.diff.gz | 49.0 KiB | 26f2a02f00de6879554d8cf7f09470719531771bc5c4ce5a04ef8fbc51ab30f5 |
| python-django_1.1.1-2ubuntu1.4.dsc | 2.2 KiB | 46156f4761e5922c0165439d805613e9334064eb1a3f026750c344f2962e5356 |
Available diffs
Binary packages built by this source
- python-django: No summary available for python-django in ubuntu lucid.
No description available for python-django in ubuntu lucid.
- python-django-doc: No summary available for python-django-doc in ubuntu lucid.
No description available for python-django-doc in ubuntu lucid.
