- Committer: Package Import Robot
- Date: 2014-09-10 13:07:32 UTC
- mfrom: (29.1.10 lucid-security)
- Revision ID: package-import@ubuntu.com-20140910130732-rcrrcllb9xr7uqxq
* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
- debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
URLs pointing to other hosts in django/core/urlresolvers.py, added
tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
- CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
- debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
django/core/files/storage.py, updated docs in
docs/howto/custom-file-storage.txt, added tests to
tests/modeltests/files/models.py,
tests/regressiontests/file_storage/tests.py, backport
get_random_string() to django/utils/crypto.py.
- CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
- debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
logout on REMOTE_USE change in django/contrib/auth/middleware.py,
added test to django/contrib/auth/tests/remote_user.py.
- CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
- debian/patches/CVE-2014-0483.patch: validate to_field in
django/contrib/admin/{options,exceptions}.py,
django/contrib/admin/views/main.py, added tests to
tests/regressiontests/admin_views/tests.py.
- debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
django/contrib/admin/options.py, added tests to
tests/regressiontests/admin_views/{models,tests}.py.
- debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
django/contrib/admin/options.py, added tests to
tests/regressiontests/admin_views/{models,tests}.py.
- CVE-2014-0483
* debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.
- debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
URLs pointing to other hosts in django/core/urlresolvers.py, added
tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
- CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
- debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
django/core/files/storage.py, updated docs in
docs/howto/custom-file-storage.txt, added tests to
tests/modeltests/files/models.py,
tests/regressiontests/file_storage/tests.py, backport
get_random_string() to django/utils/crypto.py.
- CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
- debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
logout on REMOTE_USE change in django/contrib/auth/middleware.py,
added test to django/contrib/auth/tests/remote_user.py.
- CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
- debian/patches/CVE-2014-0483.patch: validate to_field in
django/contrib/admin/{options,exceptions}.py,
django/contrib/admin/views/main.py, added tests to
tests/regressiontests/admin_views/tests.py.
- debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
django/contrib/admin/options.py, added tests to
tests/regressiontests/admin_views/{models,tests}.py.
- debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
django/contrib/admin/options.py, added tests to
tests/regressiontests/admin_views/{models,tests}.py.
- CVE-2014-0483
* debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 .. |
|||||||
debian
|
2 | 17 years ago | Bazaar Package Importer | [ Brett Parker ] * 0.95 release - initial packagin |
|
||
|
django
|
1 | 17 years ago | Bazaar Package Importer | Import upstream version 0.95 |
|
||
|
docs
|
1 | 17 years ago | Bazaar Package Importer | Import upstream version 0.95 |
|
||
|
examples
|
1 | 17 years ago | Bazaar Package Importer | Import upstream version 0.95 |
|
||
|
extras
|
1 | 17 years ago | Bazaar Package Importer | Import upstream version 0.95 |
|
||
|
scripts
|
16 | 15 years ago | Bazaar Package Importer | * Merge from Debian (LP: #264191), remaining chang |
|
||
|
tests
|
1.2.3 | 14 years ago | Bazaar Package Importer | Import upstream version 1.1 |
|
||
AUTHORS |
25 | 14 years ago | Bazaar Package Importer | * Merge python-django 1.1.1-1 from debian unstable | 16.7 KB |
|
|
|
INSTALL |
1.1.7 | 15 years ago | Bazaar Package Importer | Import upstream version 1.0.2 | 816 bytes |
|
|
|
LICENSE |
1.2.1 | 15 years ago | Bazaar Package Importer | Import upstream version 1.0 | 1.5 KB |
|
|
|
MANIFEST.in |
22 | 14 years ago | Bazaar Package Importer | * New upstream release. * Merge from experimental: | 1013 bytes |
|
|
|
PKG-INFO |
1.1.9 | 14 years ago | Bazaar Package Importer | Import upstream version 1.1.1 | 1 KB |
|
|
|
README |
16 | 15 years ago | Bazaar Package Importer | * Merge from Debian (LP: #264191), remaining chang | 1.4 KB |
|
|
|
setup.cfg |
16 | 15 years ago | Bazaar Package Importer | * Merge from Debian (LP: #264191), remaining chang | 117 bytes |
|
|
|
setup.py |
25 | 14 years ago | Bazaar Package Importer | * Merge python-django 1.1.1-1 from debian unstable | 3.9 KB |
|
|