Format: 1.8
Date: Tue, 09 Sep 2014 14:37:19 -0400
Source: python-django
Binary: python-django python-django-doc
Architecture: all i386_translations
Version: 1.3.1-4ubuntu1.12
Distribution: precise
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Changes:
 python-django (1.3.1-4ubuntu1.12) precise-security; urgency=medium
 .
   * SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
     - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
       URLs pointing to other hosts in django/core/urlresolvers.py, added
       tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
     - CVE-2014-0480
   * SECURITY UPDATE: denial of service via file upload handling
     - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
       django/core/files/storage.py, updated docs in
       docs/howto/custom-file-storage.txt, docs/ref/files/storage.txt,
       added tests to tests/modeltests/files/tests.py,
       tests/regressiontests/file_storage/tests.py, backport
       get_random_string() to django/utils/crypto.py.
     - CVE-2014-0481
   * SECURITY UPDATE: web session hijack via REMOTE_USER header
     - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
       logout on REMOTE_USE change in django/contrib/auth/middleware.py,
       added test to django/contrib/auth/tests/remote_user.py.
     - CVE-2014-0482
   * SECURITY UPDATE: data leak in contrib.admin via query string manipulation
     - debian/patches/CVE-2014-0483.patch: validate to_field in
       django/contrib/admin/{options,exceptions}.py,
       django/contrib/admin/views/main.py, added tests to
       tests/regressiontests/admin_views/tests.py.
     - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
       django/contrib/admin/options.py, added tests to
       tests/regressiontests/admin_views/{models,tests}.py.
     - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
       django/contrib/admin/options.py, added tests to
       tests/regressiontests/admin_views/{models,tests}.py.
     - CVE-2014-0483
Checksums-Sha1:
 de33ede61e9422d528acd88aa9186e71ec7cf5fc 4363466 python-django_1.3.1-4ubuntu1.12_all.deb
 0cbb0325aad455ac705361f887a994397c7c2f5c 2134664 python-django-doc_1.3.1-4ubuntu1.12_all.deb
 2c901413f58827d86b34ae1e474d171632bc9126 5824292 python-django_1.3.1-4ubuntu1.12_i386_translations.tar.gz
Checksums-Sha256:
 b74d3126373a66df3409a3a00722dd61da4c5fa07cd20e93a7ea67e463c59d91 4363466 python-django_1.3.1-4ubuntu1.12_all.deb
 0356c386d988b65a56fa8ea8d8185f6af01d1742bf448cc1cf0e66f149b99444 2134664 python-django-doc_1.3.1-4ubuntu1.12_all.deb
 28d807afb7366dca9a41c11e1afe40d0c7ead2472dae245f2dc60fc3b2e1251b 5824292 python-django_1.3.1-4ubuntu1.12_i386_translations.tar.gz
Files:
 acad5425aaf3e76b090ef518797e318d 4363466 python optional python-django_1.3.1-4ubuntu1.12_all.deb
 3b8de8b14666b559696bc6ce8972a2bc 2134664 doc optional python-django-doc_1.3.1-4ubuntu1.12_all.deb
 ce5963d5a3f364e0f29f136ede438f51 5824292 raw-translations - python-django_1.3.1-4ubuntu1.12_i386_translations.tar.gz
Original-Maintainer: Chris Lamb