python-django 1.3-2ubuntu1.1 source package in Ubuntu


python-django (1.3-2ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: session manipulation when using django.contrib.sessions
    with memory-based sessions and caching
    - debian/patches/CVE-2011-4136.patch: use namespace of cache to store keys
      for session instead of root namespace
    - CVE-2011-4136
  * SECURITY UPDATE: potential denial of service and information disclosure in
    - debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by
      default and use a timeout if available. Also update to use a url opener
      that does not support local file access
    - CVE-2011-4137, CVE-2011-4138
  * SECURITY UPDATE: potential cache-poisoning via crafted Host header
    - debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by
      default when constructing full URLs
    - CVE-2011-4139
  * More information on these issues can be found at:
 -- Jamie Strandboge <email address hidden>   Mon, 28 Nov 2011 15:58:45 -0600

Upload details

Uploaded by:
Jamie Strandboge on 2011-12-08
Uploaded to:
Original maintainer:
Ubuntu Developers
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section


Oneiric: [FULLYBUILT] i386


File Size SHA-256 Checksum
python-django_1.3.orig.tar.gz 6.2 MiB 7aeee5c80002ab81d4ebf5416292949ff46e1448d183a183fe05ff6344771c83
python-django_1.3-2ubuntu1.1.debian.tar.gz 24.1 KiB 8f83d0d1cf78f8efc8a6b04e62c56ae5932bd02fd515f0805305aeb3cf20c40d
python-django_1.3-2ubuntu1.1.dsc 2.2 KiB 34338f88f5e0b8dd6f689e9f8330d34805ff001c9a00075af6e7f6d57380446e

View changes file

Binary packages built by this source

python-django: No summary available for python-django in ubuntu oneiric.

No description available for python-django in ubuntu oneiric.

python-django-doc: No summary available for python-django-doc in ubuntu oneiric.

No description available for python-django-doc in ubuntu oneiric.