python-django (1.1.1-1ubuntu1.2) karmic-security; urgency=low
* SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
- debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all
requests, regardless of apparent AJAX origin. This is technically
backwards-incompatible, but the security risks have been judged to
outweigh the compatibility concerns in this case. See the Django project
notes for more information:
http://www.djangoproject.com/weblog/2011/feb/08/security/
- CVE-2011-0696
* SECURITY UPDATE: potential XSS in file field rendering
- debian/patches/25_CVE-2011-0697.diff: properly escape URL in
django/contrib/admin/widgets.py
- CVE-2011-0697
-- Jamie Strandboge <email address hidden> Tue, 15 Feb 2011 17:18:54 -0600
-
python-django (1.1.1-1ubuntu1.1) karmic-security; urgency=low
* SECURITY UPDATE: information leak in admin interface
- debian/patches/21_security_admin_infoleak.diff: validate querystring
lookup arguments either specify only fields on the model being viewed,
or cross relations which have been explicitly whitelisted.
- CVE-2010-4534
* SECURITY UPDATE:
- debian/patches/22_security_pasword_reset_dos.diff: the
base36_to_int() function in django.utils.http will now validate the
length of its input; on input longer than 13 digits (sufficient to
base36-encode any 64-bit integer), it will now raise ValueError.
Additionally, the default URL patterns for django.contrib.auth will now
enforce a maximum length on the relevant parameters.
- CVE-2010-4535
* add patch from Lucid to fix FTBFS in November by applying patch from
upstream bug #12125
- debian/patches/23_ftbfs_in_november.diff
-- Jamie Strandboge <email address hidden> Mon, 03 Jan 2011 11:36:34 -0600
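The length check described for CVE-2010-4535 above, as an added example that is not the Debian patch or Django's own code: it shows why 13 base36 digits cover every 64-bit integer and how rejecting longer input bounds the work done on an attacker-supplied token. The names `MAX_BASE36_LEN`, `base36_to_int_unbounded`, `min_digits_for_bits` and the error message text are assumptions made for illustration.

```python
import string

_DIGITS = string.digits + string.ascii_lowercase  # base36 alphabet
MAX_BASE36_LEN = 13  # limit stated in the changelog entry (hypothetical constant name)


def int_to_base36(n):
    """Encode a non-negative integer as lowercase base36."""
    if n < 0:
        raise ValueError("negative values are not supported")
    out = ""
    while True:
        n, rem = divmod(n, 36)
        out = _DIGITS[rem] + out
        if n == 0:
            return out


def base36_to_int_unbounded(s):
    """Unchecked form: input of any length is handed to the parser."""
    return int(s, 36)


def base36_to_int(s):
    """Checked form: over-long input is rejected before any conversion."""
    if len(s) > MAX_BASE36_LEN:
        raise ValueError("base36 input too large")  # message text is illustrative
    return int(s, 36)


def min_digits_for_bits(bits):
    """Number of base36 digits needed for the largest `bits`-bit value."""
    return len(int_to_base36(2 ** bits - 1))


if __name__ == "__main__":
    print("digits needed for 64 bits:", min_digits_for_bits(64))
    largest = int_to_base36(2 ** 64 - 1)
    print("round trip ok:", base36_to_int(largest) == 2 ** 64 - 1)
    oversized = "z" * 14  # constructed sample: one digit past the limit
    print("unchecked result:", base36_to_int_unbounded(oversized))
    try:
        base36_to_int(oversized)
    except ValueError as exc:
        print("checked form rejected input:", exc)
```
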
-
python-django (1.1.1-1ubuntu1) karmic; urgency=low
* Merge python-django 1.1.1-1 from debian unstable (LP: #447617)
for security and bug fixes, all Ubuntu changes merged by Debian.
* Add to debian/patches:
- 20_python2.6.3_regression.patch - backported upstream commit 11620
to make Django work with Python 2.6.3 properly. (LP: #445639)
python-django (1.1.1-1) unstable; urgency=high
* New upstream security release - fixes pathological regular expression
backtracking performance in URL and email fields which can be used as part
of a denial of service attack.
* Set Maintainer: to myself with thanks to Brett Parker.
* Bump versioned build dependency on quilt to help backporters.
(Closes: #547955)
python-django (1.1-4) unstable; urgency=low
* Sourceful upload to drop dependency on Python 2.4.
python-django (1.1-3) unstable; urgency=low
* Disable regression tests that require an internet connection. Patch by
Krzysztof Klimonda <email address hidden>. (Closes: #542996)
* Bump Standards-Version to 3.8.3.
-- Krzysztof Klimonda <email address hidden> Mon, 12 Oct 2009 19:22:16 +0200
-
python-django (1.1-2ubuntu1) karmic; urgency=low
* debian/patches/20_disable_url_verify_regression_tests.diff
- Disable regression tests that require internet connection.
-- Krzysztof Klimonda <email address hidden> Sat, 15 Aug 2009 21:04:29 +0200
-
python-django (1.1-2) unstable; urgency=low
* Run testsuite on build.
* Use "--with quilt" over specifying $(QUILT_STAMPFN)/unpatch dependencies.
* Override clean target correctly.
-- Krzysztof Klimonda <email address hidden> Sat, 15 Aug 2009 17:26:19 +0100
-
python-django (1.1-1) unstable; urgency=low
* New upstream release.
* Merge from experimental:
- Ship FastCGI initscript and /etc/default file in python-django's examples
directory (Closes: #538863)
- Drop "05_10539-sphinx06-compatibility.diff"; it has been applied
upstream.
- Bump Standards-Version to 3.8.2.
-- Krzysztof Klimonda <email address hidden> Mon, 03 Aug 2009 14:41:55 +0100
-
python-django (1.0.2-7) unstable; urgency=low
* Fix compatibility with Python 2.6 and Python transitions in general.
Thanks to Krzysztof Klimonda <email address hidden>.
python-django (1.0.2-6) unstable; urgency=low
* Backport patch from <http://code.djangoproject.com/ticket/10539> to fix
FTBFS when using python-sphinx >= 0.6. (Closes: #527492)
-- Krzysztof Klimonda <email address hidden> Mon, 18 May 2009 12:00:44 +0100
-
python-django (1.0.2-5ubuntu1) karmic; urgency=low
* Python 2.6 transition.
-- Michael Bienia <email address hidden> Sat, 09 May 2009 15:24:36 +0200
-
python-django (1.0.2-5) unstable; urgency=low
* Fix issue where newly created projects do not have their manage.py file
executable.
python-django (1.0.2-4) unstable; urgency=low
* Programmatically replace most references to "django-admin.py" with
"django-admin" in the generated documentation. (Closes: #519937)
* Bump Standards-Version to 3.8.1; no changes.
python-django (1.0.2-3) unstable; urgency=low
* Split documentation into a separate python-django-doc package due to size
(approximately 6Mb).
python-django (1.0.2-2) unstable; urgency=low
* Don't rely on the internal layout of python-support. (Closes: #517052)
* Move to debhelper-based packaging for operational clarity:
- Remove bashisms from binary-post-install.
- Use quilt instead of simple-patchsys.mk and adjust existing patches so
that we can apply with -p1 for the "quilt" source package type.
* Adjust Build-Depends:
- Bump debhelper requirement 7.0.50 for override_* feature.
- Drop cdbs, python-dev and python-setuptools requirement.
- Just Build-Depend on `python', not `python-dev'.
- Drop versions on Build-Depends where they are satisfied in current
oldstable (ie. etch).
* debian/control:
- Add python-sqlite to Suggests.
- Remove repeated 'Priority' line in binary package stanza.
- Update crufty long and short descriptions.
- Add ${misc:Depends} in binary stanza for debhelper-using package.
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 12:09:25 +0100
-
python-django (1.0.2-1) unstable; urgency=low
[ Chris Lamb ]
* New upstream bugfix release. Closes: #505783
* Add myself to Uploaders with ACK from Brett.
[ David Spreen ]
* Remove python-pysqlite2 from Recommends because Python 2.5 includes
sqlite library used by Django. Closes: 497886
[ Sandro Tosi ]
* debian/control
- switch Vcs-Browser field to viewsvn
-- Lionel Porcheron <email address hidden> Wed, 10 Dec 2008 22:14:55 +0000