Ubuntu

“python-django” 1.3.1-4ubuntu1.6 source package in Ubuntu

Changelog

python-django (1.3.1-4ubuntu1.6) precise-security; urgency=low

  * SECURITY UPDATE: host header poisoning (LP: #1089337)
    - debian/patches/fix_get_host.patch: tighten host header validation in
      django/http/__init__.py, add tests to
      tests/regressiontests/requests/tests.py.
    - https://www.djangoproject.com/weblog/2012/dec/10/security/
    - No CVE number
  * SECURITY UPDATE: redirect poisoning (LP: #1089337)
    - debian/patches/fix_redirect_poisoning.patch: tighten validation in
      django/contrib/auth/views.py,
      django/contrib/comments/views/comments.py,
      django/contrib/comments/views/moderation.py,
      django/contrib/comments/views/utils.py, django/utils/http.py,
      django/views/i18n.py, add tests to
      tests/regressiontests/comment_tests/tests/comment_view_tests.py,
      tests/regressiontests/comment_tests/tests/moderation_view_tests.py,
      tests/regressiontests/views/tests/i18n.py.
    - https://www.djangoproject.com/weblog/2012/dec/10/security/
    - No CVE number
  * SECURITY UPDATE: host header poisoning (LP: #1130445)
    - debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting
      to django/conf/global_settings.py,
      django/conf/project_template/settings.py,
      django/http/__init__.py, django/test/utils.py, add docs to
      docs/ref/settings.txt, add tests to
      tests/regressiontests/requests/tests.py.
    - https://www.djangoproject.com/weblog/2013/feb/19/security/
    - No CVE number
  * SECURITY UPDATE: XML attacks (LP: #1130445)
    - debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion,
      and external entities/DTDs in
      django/core/serializers/xml_serializer.py, add tests to
      tests/regressiontests/serializers_regress/tests.py.
    - https://www.djangoproject.com/weblog/2013/feb/19/security/
    - CVE-2013-1664
    - CVE-2013-1665
  * SECURITY UPDATE: Data leakage via admin history log (LP: #1130445)
    - debian/patches/CVE-2013-0305.patch: add permission checks to history
      view in django/contrib/admin/options.py, add tests to
      tests/regressiontests/admin_views/tests.py.
    - https://www.djangoproject.com/weblog/2013/feb/19/security/
    - CVE-2013-0305
  * SECURITY UPDATE: Formset denial-of-service (LP: #1130445)
    - debian/patches/CVE-2013-0306.patch: limit maximum number of forms in
      django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt,
      docs/topics/forms/modelforms.txt, add tests to
      tests/regressiontests/forms/tests/formsets.py.
    - https://www.djangoproject.com/weblog/2013/feb/19/security/
    - CVE-2013-0306
 -- Marc Deslauriers <email address hidden>   Mon, 04 Mar 2013 10:13:59 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2013-03-07
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
all
Section:
python
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Precise: [FULLYBUILT] i386

Downloads

File Size MD5 Checksum
python-django_1.3.1.orig.tar.gz 6.2 MiB 62d8642fd06b9a0bf8544178f8500767
python-django_1.3.1-4ubuntu1.6.debian.tar.gz 43.0 KiB b3c301606659e0b197c2c3027e6cec3a
python-django_1.3.1-4ubuntu1.6.dsc 2.3 KiB 7e44abf7069191e6bb431565874fb5df

Binary packages built by this source

python-django: High-level Python web development framework

 Django is a high-level web application framework that loosely follows the
 model-view-controller design pattern.
 .
 Python's equivalent to Ruby on Rails, Django lets you build complex
 data-driven websites quickly and easily - Django focuses on automating as much
 as possible and adhering to the "Don't Repeat Yourself" (DRY) principle.
 .
 Django additionally emphasizes reusability and "pluggability" of components;
 many generic third-party "applications" are available to enhance projects or
 to simply to reduce development time even further.
 .
 Notable features include:
  * An object-relational mapper (ORM)
  * Automatic admin interface
  * Elegant URL dispatcher
  * Form serialization and validation system
  * Templating system
  * Lightweight, standalone web server for development and testing
  * Internationalization support
  * Testing framework and client

python-django-doc: High-level Python web development framework (documentation)

 Django is a high-level web application framework that loosely follows the
 model-view-controller design pattern.
 .
 Python's equivalent to Ruby on Rails, Django lets you build complex
 data-driven websites quickly and easily - Django focuses on automating as much
 as possible and adhering to the "Don't Repeat Yourself" (DRY) principle.
 .
 Django additionally emphasizes reusability and "pluggability" of components;
 many generic third-party "applications" are available to enhance projects or
 to simply to reduce development time even further.
 .
 This package contains the HTML documentation and example projects.