Viewing all changes in revision 32.
- Committer: Bazaar Package Importer
- Date: 2011-02-15 17:04:19 UTC
- Revision ID: james.westby@ubuntu.com-20110215170419-5mebvxl1co15dp01
* SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
- debian/patches/09_CVE-2011-0696.diff: apply full CSRF validation to all
requests, regardless of apparent AJAX origin. This is technically
backwards-incompatible, but the security risks have been judged to
outweigh the compatibility concerns in this case. See the Django project
notes for more information:
http://www.djangoproject.com/weblog/2011/feb/08/security/
- CVE-2011-0696
* SECURITY UPDATE: potential XSS in file field rendering
- debian/patches/10_admin_widgets-to-unittest.diff: prepare testsuite for
security fix tests
- debian/patches/11_CVE-2011-0697.diff: properly escape URL in
django/contrib/admin/widgets.py
- CVE-2011-0697
- debian/patches/09_CVE-2011-0696.diff: apply full CSRF validation to all
requests, regardless of apparent AJAX origin. This is technically
backwards-incompatible, but the security risks have been judged to
outweigh the compatibility concerns in this case. See the Django project
notes for more information:
http://www.djangoproject.com/weblog/2011/feb/08/security/
- CVE-2011-0696
* SECURITY UPDATE: potential XSS in file field rendering
- debian/patches/10_admin_widgets-to-unittest.diff: prepare testsuite for
security fix tests
- debian/patches/11_CVE-2011-0697.diff: properly escape URL in
django/contrib/admin/widgets.py
- CVE-2011-0697
- files added:
- .pc/09_CVE-2011-0696.diff
- .pc/09_CVE-2011-0696.diff/django
- .pc/09_CVE-2011-0696.diff/django/middleware
- .pc/09_CVE-2011-0696.diff/docs
- .pc/09_CVE-2011-0696.diff/docs/ref
- .pc/09_CVE-2011-0696.diff/docs/ref/contrib
- .pc/09_CVE-2011-0696.diff/tests
- .pc/09_CVE-2011-0696.diff/tests/regressiontests
- .pc/09_CVE-2011-0696.diff/tests/regressiontests/csrf_tests
- .pc/10_admin_widgets-to-unittest.diff
- .pc/10_admin_widgets-to-unittest.diff/django
- .pc/10_admin_widgets-to-unittest.diff/django/contrib
- .pc/10_admin_widgets-to-unittest.diff/django/contrib/admin
- .pc/10_admin_widgets-to-unittest.diff/tests
- .pc/10_admin_widgets-to-unittest.diff/tests/regressiontests
- .pc/10_admin_widgets-to-unittest.diff/tests/regressiontests/admin_widgets
- .pc/11_CVE-2011-0697.diff
- .pc/11_CVE-2011-0697.diff/django
- .pc/11_CVE-2011-0697.diff/django/contrib
- .pc/11_CVE-2011-0697.diff/django/contrib/admin
- .pc/11_CVE-2011-0697.diff/tests
- .pc/11_CVE-2011-0697.diff/tests/regressiontests
- .pc/11_CVE-2011-0697.diff/tests/regressiontests/admin_widgets
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
