Format: 1.8
Date: Sat, 19 Apr 2014 11:21:00 -0400
Source: python-django
Binary: python-django python-django-doc
Architecture: all i386_translations
Version: 1.1.1-2ubuntu1.10
Distribution: lucid
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Launchpad-Bugs-Fixed: 1309779 1309782 1309784
Changes:
 python-django (1.1.1-2ubuntu1.10) lucid-security; urgency=medium
 .
   * SECURITY UPDATE: unexpected code execution using reverse()
     (LP: #1309779)
     - debian/patches/CVE-2014-0472.patch: added filtering to
       django/core/urlresolvers.py, added tests to
       tests/regressiontests/urlpatterns_reverse/nonimported_module.py,
       tests/regressiontests/urlpatterns_reverse/tests.py,
       tests/regressiontests/urlpatterns_reverse/urls.py,
       tests/regressiontests/urlpatterns_reverse/views.py.
     - CVE-2014-0472
   * SECURITY UPDATE: caching of anonymous pages could reveal CSRF token
     (LP: #1309782)
     - debian/patches/CVE-2014-0473.patch: don't cache responses with a
       cookie in django/middleware/cache.py, backport has_vary_header() to
       django/utils/cache.py.
     - CVE-2014-0473
   * SECURITY UPDATE: MySQL typecasting issue (LP: #1309784)
     - debian/patches/CVE-2014-0474.patch: convert arguments to correct
       type in django/db/models/fields/__init__.py, added tests to
       tests/regressiontests/model_fields/tests.py.
     - CVE-2014-0474
Checksums-Sha1:
 4166aa61ed2e70bb56be964adde3afee838867f8 3853582 python-django_1.1.1-2ubuntu1.10_all.deb
 c6502a186d8fbd12148eb83e66c483c855677726 1536574 python-django-doc_1.1.1-2ubuntu1.10_all.deb
 71e3fe7d5e1e6c8b3705065afb36364eb36eee86 3622066 python-django_1.1.1-2ubuntu1.10_i386_translations.tar.gz
Checksums-Sha256:
 64d4b2c055920cd98e1eee50bc9964a2e35db8e6a77444513547bfc09bc126b9 3853582 python-django_1.1.1-2ubuntu1.10_all.deb
 ba25b92da87b9d8b34aa5cdbbb0a4a341650c68634462f8ff7d9d6343f5d0314 1536574 python-django-doc_1.1.1-2ubuntu1.10_all.deb
 edff8b1c186ee4d4af6d205f05e297d1fad9daaab94807f1d163d67b7aa60600 3622066 python-django_1.1.1-2ubuntu1.10_i386_translations.tar.gz
Files:
 e6272a0aef2165c194942d8b0e632c6a 3853582 python optional python-django_1.1.1-2ubuntu1.10_all.deb
 dd797408a07e7dc40597472cb336e30d 1536574 doc optional python-django-doc_1.1.1-2ubuntu1.10_all.deb
 d46fd5ed367c57351efff59fd2b46300 3622066 raw-translations - python-django_1.1.1-2ubuntu1.10_i386_translations.tar.gz
Original-Maintainer: Chris Lamb