Format: 1.8
Date: Tue, 24 Sep 2013 21:26:14 -0700
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.4.5-1ubuntu0.1~cloud0
Distribution: precise
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Adam Gandelman <adamg@ubuntu.com>
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Launchpad-Bugs-Fixed: 1225784
Changes: 
 python-django (1.4.5-1ubuntu0.1~cloud0) precise-grizzly; urgency=low
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-django (1.4.5-1ubuntu0.1) raring-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
     - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
       in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
       django/contrib/auth/tests/hashers.py.
     - CVE-2013-1443
   * SECURITY UPDATE: directory traversal with ssi template tag
     - debian/patches/CVE-2013-4315.patch: properly check absolute path in
       django/template/defaulttags.py,
       tests/regressiontests/templates/tests.py.
     - CVE-2013-4315
   * SECURITY UPDATE: possible XSS via is_safe_url
     - debian/patches/security-is_safe_url.patch: properly reject URLs which
       specify a scheme other then HTTP or HTTPS.
     - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
     - No CVE number
   * debian/patches/fix-validation-tests.patch: fix regression in tests
     since example.com is now available via https.
Checksums-Sha1: 
 d8e23dcca150b4ab3da0c50ab7ea05c12dd8e15c 1987 python-django_1.4.5-1ubuntu0.1~cloud0.dsc
 1bfaa4643c6775fbf394137f1533659be45441e7 7735582 python-django_1.4.5.orig.tar.gz
 618600c8ba7d0bca241a34d37d5f81734681cfd7 25754 python-django_1.4.5-1ubuntu0.1~cloud0.debian.tar.gz
Checksums-Sha256: 
 18e35316126d8be1b3569dd037b7df796784c1edfdcba614480ec91817e19659 1987 python-django_1.4.5-1ubuntu0.1~cloud0.dsc
 0e1e8c4217299672bbf9404994717fca2d8d4b7a4f7b8b3b74d413e1fda81428 7735582 python-django_1.4.5.orig.tar.gz
 5b341648f4201eb6130c051a13792229c59e302d18e492a1130da60d675b9648 25754 python-django_1.4.5-1ubuntu0.1~cloud0.debian.tar.gz
Files: 
 e15db8895c022caf64f271d9efb8dce8 1987 python optional python-django_1.4.5-1ubuntu0.1~cloud0.dsc
 851d00905eb70e4aa6384b3b8b111fb7 7735582 python optional python-django_1.4.5.orig.tar.gz
 779ddae1c08f728787a9daab1a232577 25754 python optional python-django_1.4.5-1ubuntu0.1~cloud0.debian.tar.gz
Original-Maintainer: Chris Lamb <lamby@debian.org>