python-django 1.4.1-2ubuntu0.4 source package in Ubuntu

Changelog

python-django (1.4.1-2ubuntu0.4) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
    - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
      in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
      django/contrib/auth/tests/hashers.py.
    - CVE-2013-1443
  * SECURITY UPDATE: directory traversal with ssi template tag
    - debian/patches/CVE-2013-4315.patch: properly check absolute path in
      django/template/defaulttags.py,
      tests/regressiontests/templates/tests.py.
    - CVE-2013-4315
  * SECURITY UPDATE: possible XSS via is_safe_url
    - debian/patches/security-is_safe_url.patch: properly reject URLs which
      specify a scheme other then HTTP or HTTPS.
    - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
    - No CVE number
  * debian/patches/fix-validation-tests.patch: fix regression in tests
    since example.com is now available via https.
 -- Marc Deslauriers <email address hidden>   Fri, 20 Sep 2013 09:05:04 -0400