Format: 1.8
Date: Wed, 10 Sep 2014 13:07:32 -0400
Source: python-django
Binary: python-django python-django-doc
Architecture: all i386_translations
Version: 1.1.1-2ubuntu1.13
Distribution: lucid
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Changes:
 python-django (1.1.1-2ubuntu1.13) lucid-security; urgency=medium
 .
   * SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
     - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
       URLs pointing to other hosts in django/core/urlresolvers.py, added
       tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
     - CVE-2014-0480
   * SECURITY UPDATE: denial of service via file upload handling
     - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
       django/core/files/storage.py, updated docs in
       docs/howto/custom-file-storage.txt, added tests to
       tests/modeltests/files/models.py,
       tests/regressiontests/file_storage/tests.py, backport
       get_random_string() to django/utils/crypto.py.
     - CVE-2014-0481
   * SECURITY UPDATE: web session hijack via REMOTE_USER header
     - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
       logout on REMOTE_USER change in django/contrib/auth/middleware.py,
       added test to django/contrib/auth/tests/remote_user.py.
     - CVE-2014-0482
   * SECURITY UPDATE: data leak in contrib.admin via query string
     manipulation
     - debian/patches/CVE-2014-0483.patch: validate to_field in
       django/contrib/admin/{options,exceptions}.py,
       django/contrib/admin/views/main.py, added tests to
       tests/regressiontests/admin_views/tests.py.
     - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
       django/contrib/admin/options.py, added tests to
       tests/regressiontests/admin_views/{models,tests}.py.
     - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
       django/contrib/admin/options.py, added tests to
       tests/regressiontests/admin_views/{models,tests}.py.
     - CVE-2014-0483
   * debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.
Checksums-Sha1:
 360f5227846f563fbca265faaa3f20dd38ccdbdf 3884636 python-django_1.1.1-2ubuntu1.13_all.deb
 61497ce920335c9ae19cafe7056aa8ab7706b6b3 1536732 python-django-doc_1.1.1-2ubuntu1.13_all.deb
 aaf24f673309edaca258abe211d865c15a416423 3621247 python-django_1.1.1-2ubuntu1.13_i386_translations.tar.gz
Checksums-Sha256:
 477a6e0c957a63e3014127f8ce88081177fa50c6a2950eb7fda152ac09116b39 3884636 python-django_1.1.1-2ubuntu1.13_all.deb
 b0645092fc46f915a5f855a8e7e8b0a52f0ceb3f27fc5ea2db570c7e1f3e9bb9 1536732 python-django-doc_1.1.1-2ubuntu1.13_all.deb
 c0678b49f9937c92943cf930ba88fe526ae6be1b76fe750e924b9bc444dfedf1 3621247 python-django_1.1.1-2ubuntu1.13_i386_translations.tar.gz
Files:
 61ba59900fbbd4162518b5547927f8f9 3884636 python optional python-django_1.1.1-2ubuntu1.13_all.deb
 a1eadbf3e2e11ee6089bcd0dde39cb5a 1536732 doc optional python-django-doc_1.1.1-2ubuntu1.13_all.deb
 9020bcb40b453a19bf84beb8d384f7c6 3621247 raw-translations - python-django_1.1.1-2ubuntu1.13_i386_translations.tar.gz
Original-Maintainer: Chris Lamb