Committer: Bazaar Package Importer
Author(s): Jamie Strandboge
Date: 2011-01-03 11:31:57 UTC
Revision ID: james.westby@ubuntu.com-20110103113157-5i1prqx3m4jwl901
Tags: 1.1.1-2ubuntu1.2
* SECURITY UPDATE: information leak in admin interface
  - debian/patches/08_security_admin_infoleak.diff: validate querystring
    lookup arguments either specify only fields on the model being viewed,
    or cross relations which have been explicitly whitelisted.
  - CVE-2010-4534
* SECURITY UPDATE:
  - debian/patches/09_security_pasword_reset_dos.diff: adjust
    base36_to_int() function in django.utils.http will now validate the
    length of its input; on input longer than 13 digits (sufficient to
    base36-encode any 64-bit integer), it will now raise ValueError.
    Additionally, the default URL patterns for django.contrib.auth will now
    enforce a maximum length on the relevant parameters.
  - CVE-2010-4535
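
The length check described in the second entry, as an added example (not the contents of 09_security_pasword_reset_dos.diff and not Django's own code): base36_to_int() rejects input longer than 13 digits before converting it, and a URL pattern bounds the same parameter at the routing layer. MAX_BASE36_DIGITS, int_to_base36(), RESET_PATH, parse_reset_path() and the sample paths are assumptions constructed for illustration.

```python
import re

MAX_BASE36_DIGITS = 13  # limit stated in the changelog entry
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"


def int_to_base36(i):
    """Encode a non-negative int as base36 (helper for this demo only)."""
    if i < 0:
        raise ValueError("negative value")
    out = ""
    while True:
        i, rem = divmod(i, 36)
        out = DIGITS[rem] + out
        if i == 0:
            return out


def base36_to_int(s):
    """Decode base36, checking the length before any conversion work is done."""
    if len(s) > MAX_BASE36_DIGITS:
        raise ValueError("Base36 input too large")
    return int(s, 36)


# Hypothetical reset-URL pattern (an assumption, not Django's shipped urlconf):
# every captured parameter has an explicit upper bound on its length.
RESET_PATH = re.compile(
    r"reset/(?P<uidb36>[0-9A-Za-z]{1,13})-"
    r"(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/"
)


def parse_reset_path(path):
    """Return (uid, token) for a well-formed path, or None if it does not match."""
    m = RESET_PATH.fullmatch(path)
    if m is None:
        return None  # over-long or malformed parameters never reach the view
    return base36_to_int(m.group("uidb36")), m.group("token")


if __name__ == "__main__":
    biggest = int_to_base36(2**64 - 1)
    print(len(biggest), "digits encode the largest 64-bit value")
    print(parse_reset_path("reset/1z-2ab-0123456789abcdef0123/"))  # constructed
    print(parse_reset_path("reset/" + "z" * 5000 + "-2ab-abc/"))   # constructed
    try:
        base36_to_int("z" * 14)
    except ValueError as exc:
        print("rejected:", exc)
```

The two checks are independent: the pattern stops an over-long parameter at routing, and the function still refuses it if called from any other code path.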