python-django 1.6.1-2ubuntu0.4 source package in Ubuntu
Changelog
python-django (1.6.1-2ubuntu0.4) trusty-security; urgency=medium
* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
- debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
URLs pointing to other hosts in django/core/urlresolvers.py, added
tests to tests/urlpatterns_reverse/{tests,urls}.py.
- CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
- debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
django/core/files/storage.py, updated docs in
docs/howto/custom-file-storage.txt, docs/ref/files/storage.txt,
added tests to tests/file_storage/tests.py, tests/files/tests.py.
- CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
- debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
logout on REMOTE_USE change in django/contrib/auth/middleware.py,
added test to django/contrib/auth/tests/test_remote_user.py.
- CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
- debian/patches/CVE-2014-0483.patch: validate to_field in
django/contrib/admin/{options,exceptions}.py,
django/contrib/admin/views/main.py, added docs to
docs/ref/exceptions.txt, added tests to tests/admin_views/tests.py.
- debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
django/contrib/admin/options.py, added tests to
tests/admin_views/{admin,models,tests}.py.
- debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
django/contrib/admin/options.py, added tests to
tests/admin_views/{admin,models,tests}.py.
- CVE-2014-0483
-- Marc Deslauriers <email address hidden> Tue, 09 Sep 2014 13:37:23 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-django_1.6.1.orig.tar.gz | 6.3 MiB | cf011874f54a16e7452e0fe1e7f4ec144b95b47ecf31766c9f1f8cf438f09c06 |
| python-django_1.6.1-2ubuntu0.4.debian.tar.gz | 39.9 KiB | 7218912f76331861540da2fb9ff5a43cb942c40bdab187246ef53904b58c54f3 |
| python-django_1.6.1-2ubuntu0.4.dsc | 2.3 KiB | e81f989becb90a0b58a78d5c9665adb476aaa69c24de996c088bfcd2496806b1 |
Available diffs
Binary packages built by this source
- python-django: High-level Python web development framework
Django is a high-level web application framework that loosely follows the
model-view-controller design pattern.
.
Python's equivalent to Ruby on Rails, Django lets you build complex
data-driven websites quickly and easily - Django focuses on automating as much
as possible and adhering to the "Don't Repeat Yourself" (DRY) principle.
.
Django additionally emphasizes reusability and "pluggability" of components;
many generic third-party "applications" are available to enhance projects or
to simply to reduce development time even further.
.
Notable features include:
* An object-relational mapper (ORM)
* Automatic admin interface
* Elegant URL dispatcher
* Form serialization and validation system
* Templating system
* Lightweight, standalone web server for development and testing
* Internationalization support
* Testing framework and client
- python-django-doc: High-level Python web development framework (documentation)
Django is a high-level web application framework that loosely follows the
model-view-controller design pattern.
.
Python's equivalent to Ruby on Rails, Django lets you build complex
data-driven websites quickly and easily - Django focuses on automating as much
as possible and adhering to the "Don't Repeat Yourself" (DRY) principle.
.
Django additionally emphasizes reusability and "pluggability" of components;
many generic third-party "applications" are available to enhance projects or
to simply to reduce development time even further.
.
This package contains the HTML documentation and example projects.
