python-django 1.4.5-1ubuntu0.1 source package in Ubuntu

Changelog

python-django (1.4.5-1ubuntu0.1) raring-security; urgency=low

  * SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
    - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
      in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
      django/contrib/auth/tests/hashers.py.
    - CVE-2013-1443
  * SECURITY UPDATE: directory traversal with ssi template tag
    - debian/patches/CVE-2013-4315.patch: properly check absolute path in
      django/template/defaulttags.py,
      tests/regressiontests/templates/tests.py.
    - CVE-2013-4315
  * SECURITY UPDATE: possible XSS via is_safe_url
    - debian/patches/security-is_safe_url.patch: properly reject URLs which
      specify a scheme other then HTTP or HTTPS.
    - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
    - No CVE number
  * debian/patches/fix-validation-tests.patch: fix regression in tests
    since example.com is now available via https.
 -- Marc Deslauriers <email address hidden>   Fri, 20 Sep 2013 08:48:09 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2013-09-20
Uploaded to:
Raring
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
all
Section:
python
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Raring: [FULLYBUILT] i386

Downloads

File Size MD5 Checksum
python-django_1.4.5.orig.tar.gz 7.4 MiB 851d00905eb70e4aa6384b3b8b111fb7
python-django_1.4.5-1ubuntu0.1.debian.tar.gz 24.9 KiB 557eead571b4cdf63d1be69b004a10c3
python-django_1.4.5-1ubuntu0.1.dsc 2.3 KiB a8da6f52225db4801f0481fbface89dd

View changes file

Binary packages built by this source

python-django: No summary available for python-django in ubuntu raring.

No description available for python-django in ubuntu raring.

python-django-doc: No summary available for python-django-doc in ubuntu raring.

No description available for python-django-doc in ubuntu raring.