~ubuntu-branches/ubuntu/lucid/python-django/lucid-updates

Viewing all changes in revision 31.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-09-06 09:56:37 UTC
  • mfrom: (29.1.2 lucid-security)
  • Revision ID: package-import@ubuntu.com-20120906095637-otmrozutj2dk5tfi
Tags: 1.1.1-2ubuntu1.5
* SECURITY UPDATE: Cross-site scripting in authentication views
  (LP: #1031733)
  - debian/patches/16_fix_cross_site_scripting_in_authentication.diff:
    fix unsafe redirects indjango/http/__init__.py. Patch backported from
    Debian Squeeze and fixed for python 2.4 compatibility.
  - CVE-2012-3442
* SECURITY UPDATE: Denial-of-service in image validation (LP: #1031733)
  - debian/patches/17_fix_dos_in_image_validation.diff: call verify()
    immediately after the constructor in django/forms/fields.py.
  - CVE-2012-3443
* SECURITY UPDATE: Denial-of-service via get_image_dimensions()
  (LP: #1031733)
  - debian/patches/18_fix_dos_via_get_image_dimensions.diff: don't limit
    chunk size in django/core/files/images.py.
  - CVE-2012-3444

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: