~ubuntu-branches/ubuntu/lucid/python-django/lucid-security


Viewing changes to debian/changelog

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-09-10 13:07:32 UTC
  • Revision ID: package-import@ubuntu.com-20140910130732-ggo4hojqf9z22axy
Tags: 1.1.1-2ubuntu1.13
* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
  - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
    URLs pointing to other hosts in django/core/urlresolvers.py, added
    tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
  - CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
  - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
    django/core/files/storage.py, updated docs in
    docs/howto/custom-file-storage.txt, added tests to
    tests/modeltests/files/models.py,
    tests/regressiontests/file_storage/tests.py, backport
    get_random_string() to django/utils/crypto.py.
  - CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
  - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
    logout on REMOTE_USER change in django/contrib/auth/middleware.py,
    added test to django/contrib/auth/tests/remote_user.py.
  - CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
  - debian/patches/CVE-2014-0483.patch: validate to_field in
    django/contrib/admin/{options,exceptions}.py,
    django/contrib/admin/views/main.py, added tests to
    tests/regressiontests/admin_views/tests.py.
  - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - CVE-2014-0483
* debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.
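The CVE-2014-0480 entry above says reverse() could generate URLs pointing to other hosts. The following is an added example, not Django's urlresolvers code and not part of this package: a stripped-down model of how reverse() substitutes arguments into a pattern, showing why only a catch-all pattern is affected and what the fix does with the result. The catch-all and item patterns, the `redirect_target` helper and the `block_scheme_relative` switch are constructed here for the demonstration.

```python
import re
from urllib.parse import quote

# Added example, not Django's urlresolvers code: a simplified model of
# reverse(). Patterns, the redirect_target() helper and the
# block_scheme_relative switch are constructed for this demonstration.

def reverse(pattern, fmt, prefix="/", block_scheme_relative=True, **subs):
    """Return the URL for `pattern` with `subs` filled in, or None if they don't fit.

    `pattern` is the regex a URLconf entry would use; `fmt` is that pattern with
    each named group replaced by a %(name)s placeholder, which is what the
    reverse machinery derives from the regex.
    """
    # URLconf regexes start with '^'; it is dropped so the prefix can be put first.
    if pattern.startswith("^"):
        pattern = pattern[1:]
    candidate = prefix + fmt % {k: quote(v) for k, v in subs.items()}
    # A candidate is only returned if the original pattern still matches it, so
    # an argument containing '/' only survives under a catch-all like (?P<path>.*).
    if not re.search("^" + re.escape(prefix) + pattern, candidate):
        return None
    if block_scheme_relative and candidate.startswith("//"):
        # The fix: percent-encode the second slash so '//host/...' becomes
        # '/%2Fhost/...', which browsers resolve on the current host.
        candidate = "/%2F" + candidate[2:]
    return candidate

def redirect_target(path_from_user, fixed=True):
    """What a view redirecting to reverse(...) would emit for a user-supplied path."""
    return reverse(r"^(?P<path>.*)$", "%(path)s",
                   block_scheme_relative=fixed, path=path_from_user)
```

With the check off, a catch-all pattern fed "/attacker.example/login" yields "//attacker.example/login", a scheme-relative URL that a redirect built from it would send to the other host; with the check on it yields "/%2Fattacker.example/login". A pattern with a restricted group such as `[\w-]+` never matches a value containing a slash, so reverse() returns nothing for it either way.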
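The CVE-2014-0481 entry describes removing an O(n) algorithm from core/files/storage.py and backporting get_random_string(). The following is an added example, not Django's storage code and not part of this package: two ways a storage backend can pick a free name for an upload, instrumented to count exists() lookups so the cost of the incrementing-counter loop and of the random-suffix replacement can be compared. The in-memory `CountingStorage`, the `split_name` helper and the `upload_many` simulation are constructed here; the suffix alphabet and length of 7 follow what the entry says was backported, and `secrets` stands in for it.

```python
import secrets
import string

# Added example, not Django's core.files.storage code. CountingStorage,
# split_name() and upload_many() are constructed for this demonstration;
# secrets stands in for the backported get_random_string().

SUFFIX_ALPHABET = string.ascii_letters + string.digits

class CountingStorage:
    """In-memory stand-in for a storage backend that counts exists() lookups."""

    def __init__(self):
        self.names = set()
        self.exists_calls = 0

    def exists(self, name):
        self.exists_calls += 1        # a real backend hits the filesystem here
        return name in self.names

    def save(self, name):
        self.names.add(name)

def split_name(name):
    """Split 'report.pdf' into ('report', '.pdf'); a name without a dot keeps no extension."""
    root, dot, ext = name.rpartition(".")
    return (root, dot + ext) if dot else (name, "")

def available_name_counter(storage, name):
    """Pre-fix behaviour: try name, name_1, name_2, ... until one is free.

    When n same-named files already exist, the next upload costs n+1 exists()
    calls, so n uploads of the same name cost O(n^2) lookups in total.
    """
    root, ext = split_name(name)
    candidate, count = name, 0
    while storage.exists(candidate):
        count += 1
        candidate = "%s_%d%s" % (root, count, ext)
    return candidate

def available_name_random(storage, name, length=7):
    """Post-fix behaviour: retry with a random suffix, O(1) lookups expected."""
    root, ext = split_name(name)
    candidate = name
    while storage.exists(candidate):
        suffix = "".join(secrets.choice(SUFFIX_ALPHABET) for _ in range(length))
        candidate = "%s_%s%s" % (root, suffix, ext)
    return candidate

def upload_many(strategy, n, name="report.pdf"):
    """Simulate n uploads of the same filename; return the total exists() calls."""
    storage = CountingStorage()
    for _ in range(n):
        storage.save(strategy(storage, name))
    return storage.exists_calls
```

Two hundred uploads of the same name cost 20100 lookups with the counter loop and about 399 with the random suffix, because after the first collision the next candidate is almost certainly free. An attacker only needs to keep re-uploading one filename to make each subsequent request slower than the last under the old scheme.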
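The CVE-2014-0482 entry says RemoteUserMiddleware was changed to log out on a REMOTE_USER change. The following is an added example, not Django's middleware code and not part of this package: a minimal model of a session fed by the REMOTE_USER header that a front-end web server sets after authenticating the client, showing how a stale session survives a header change when the new value cannot be authenticated, and how logging out first prevents it. The `KNOWN_USERS` table, `Request` class, `authenticate`/`login`/`logout` helpers and the `walkthrough` scenario are constructed here, and the `logout_on_change` switch only exists to show both flows side by side.

```python
# Added example, not Django's contrib.auth middleware. KNOWN_USERS, Request,
# authenticate()/login()/logout() and walkthrough() are constructed stand-ins;
# logout_on_change=False reproduces the pre-fix flow for comparison.

KNOWN_USERS = {"alice", "bob"}   # constructed stand-in for the backend's user table

class Request:
    def __init__(self, session, remote_user=None):
        self.session = session               # dict shared across requests via the cookie
        self.META = {"REMOTE_USER": remote_user} if remote_user is not None else {}

def authenticate(username):
    """Backend lookup: only known users can be logged in (no auto-creation)."""
    return username if username in KNOWN_USERS else None

def login(request, username):
    request.session["_auth_user"] = username

def logout(request):
    request.session.clear()

def current_user(request):
    return request.session.get("_auth_user")

def remote_user_middleware(request, logout_on_change=True):
    """Process one request; return the user the application now acts as."""
    header = request.META.get("REMOTE_USER")
    if header is None:
        return current_user(request)
    if current_user(request) is not None:
        if current_user(request) == header:
            return current_user(request)     # session already holds this user
        if logout_on_change:
            logout(request)                  # the fix: never keep another user's identity
    user = authenticate(header)
    if user is not None:
        login(request, user)
    # Pre-fix: if the new header value does not authenticate, the old identity
    # is still in the session and the next line returns it.
    return current_user(request)

def walkthrough(logout_on_change):
    """Alice's session, then the front end reports a user the backend does not know.

    Returns who the application believes is acting on the second request.
    """
    session = {}
    remote_user_middleware(Request(session, "alice"), logout_on_change)
    return remote_user_middleware(Request(session, "mallory"), logout_on_change)
```

In the pre-fix flow the second request still acts as alice even though the web server now vouches for someone else, which is the hijack the entry refers to; with the logout the session is dropped and the request is anonymous until the backend can authenticate the new header value.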

1
python-django (1.1.1-2ubuntu1.13) lucid-security; urgency=medium
 
2
 
 
3
  * SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
 
4
    - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
 
5
      URLs pointing to other hosts in django/core/urlresolvers.py, added
 
6
      tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
 
7
    - CVE-2014-0480
 
8
  * SECURITY UPDATE: denial of service via file upload handling
 
9
    - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
 
10
      django/core/files/storage.py, updated docs in
 
11
      docs/howto/custom-file-storage.txt, added tests to
 
12
      tests/modeltests/files/models.py,
 
13
      tests/regressiontests/file_storage/tests.py, backport
 
14
      get_random_string() to django/utils/crypto.py.
 
15
    - CVE-2014-0481
 
16
  * SECURITY UPDATE: web session hijack via REMOTE_USER header
 
17
    - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
 
18
      logout on REMOTE_USE change in django/contrib/auth/middleware.py,
 
19
      added test to django/contrib/auth/tests/remote_user.py.
 
20
    - CVE-2014-0482
 
21
  * SECURITY UPDATE: data leak in contrib.admin via query string manipulation
 
22
    - debian/patches/CVE-2014-0483.patch: validate to_field in
 
23
      django/contrib/admin/{options,exceptions}.py,
 
24
      django/contrib/admin/views/main.py, added tests to
 
25
      tests/regressiontests/admin_views/tests.py.
 
26
    - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
 
27
      django/contrib/admin/options.py, added tests to
 
28
      tests/regressiontests/admin_views/{models,tests}.py.
 
29
    - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
 
30
      django/contrib/admin/options.py, added tests to
 
31
      tests/regressiontests/admin_views/{models,tests}.py.
 
32
    - CVE-2014-0483
 
33
  * debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.
 
34
 
 
35
 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 10 Sep 2014 13:07:32 -0400
 
36
 
1
37
python-django (1.1.1-2ubuntu1.12) lucid-security; urgency=medium
2
38
 
3
39
  * SECURITY UPDATE: cache coherency problems in old Internet Explorer
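Review bot: line 18 of the new entry ("logout on REMOTE_USE change") has a typo; the header is REMOTE_USER, as the bullet title on line 16 says, and this text ships in the package changelog, so correct it before upload. Line 33 records that fix_invalid_link_ftbfs.patch removes a test to cure the FTBFS but names neither the test nor why it is safe to drop; a few words identifying the test and the reason it fails would let the removal be audited later.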