- Committer: Package Import Robot
- Date: 2013-03-04 10:33:54 UTC
- Revision ID: package-import@ubuntu.com-20130304103354-d59rx3ujfa11an1k
* SECURITY UPDATE: host header poisoning (LP: #1089337)
- debian/patches/fix_get_host.patch: tighten host header validation in
django/http/__init__.py, add tests to
tests/regressiontests/requests/tests.py.
- https://www.djangoproject.com/weblog/2012/dec/10/security/
- No CVE number
* SECURITY UPDATE: redirect poisoning (LP: #1089337)
- debian/patches/fix_redirect_poisoning.patch: tighten validation in
django/contrib/auth/views.py,
django/contrib/comments/views/comments.py,
django/contrib/comments/views/moderation.py,
django/contrib/comments/views/utils.py, django/utils/http.py,
django/views/i18n.py, add tests to
tests/regressiontests/comment_tests/tests/comment_view_tests.py,
tests/regressiontests/comment_tests/tests/moderation_view_tests.py,
tests/regressiontests/views/tests/i18n.py.
- https://www.djangoproject.com/weblog/2012/dec/10/security/
- No CVE number
* SECURITY UPDATE: host header poisoning (LP: #1130445)
- debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting
to django/conf/global_settings.py,
django/conf/project_template/settings.py,
django/http/__init__.py, django/test/utils.py, add docs to
docs/ref/settings.txt, add tests to
tests/regressiontests/requests/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- No CVE number
* SECURITY UPDATE: XML attacks (LP: #1130445)
- debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion,
and external entities/DTDs in
django/core/serializers/xml_serializer.py, add tests to
tests/regressiontests/serializers_regress/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-1664
- CVE-2013-1665
* SECURITY UPDATE: Data leakage via admin history log (LP: #1130445)
- debian/patches/CVE-2013-0305.patch: add permission checks to history
view in django/contrib/admin/options.py, add tests to
tests/regressiontests/admin_views/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-0305
* SECURITY UPDATE: Formset denial-of-service (LP: #1130445)
- debian/patches/CVE-2013-0306.patch: limit maximum number of forms in
django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt,
docs/topics/forms/modelforms.txt, add tests to
tests/regressiontests/forms/tests/formsets.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-0306
- debian/patches/fix_get_host.patch: tighten host header validation in
django/http/__init__.py, add tests to
tests/regressiontests/requests/tests.py.
- https://www.djangoproject.com/weblog/2012/dec/10/security/
- No CVE number
* SECURITY UPDATE: redirect poisoning (LP: #1089337)
- debian/patches/fix_redirect_poisoning.patch: tighten validation in
django/contrib/auth/views.py,
django/contrib/comments/views/comments.py,
django/contrib/comments/views/moderation.py,
django/contrib/comments/views/utils.py, django/utils/http.py,
django/views/i18n.py, add tests to
tests/regressiontests/comment_tests/tests/comment_view_tests.py,
tests/regressiontests/comment_tests/tests/moderation_view_tests.py,
tests/regressiontests/views/tests/i18n.py.
- https://www.djangoproject.com/weblog/2012/dec/10/security/
- No CVE number
* SECURITY UPDATE: host header poisoning (LP: #1130445)
- debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting
to django/conf/global_settings.py,
django/conf/project_template/settings.py,
django/http/__init__.py, django/test/utils.py, add docs to
docs/ref/settings.txt, add tests to
tests/regressiontests/requests/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- No CVE number
* SECURITY UPDATE: XML attacks (LP: #1130445)
- debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion,
and external entities/DTDs in
django/core/serializers/xml_serializer.py, add tests to
tests/regressiontests/serializers_regress/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-1664
- CVE-2013-1665
* SECURITY UPDATE: Data leakage via admin history log (LP: #1130445)
- debian/patches/CVE-2013-0305.patch: add permission checks to history
view in django/contrib/admin/options.py, add tests to
tests/regressiontests/admin_views/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-0305
* SECURITY UPDATE: Formset denial-of-service (LP: #1130445)
- debian/patches/CVE-2013-0306.patch: limit maximum number of forms in
django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt,
docs/topics/forms/modelforms.txt, add tests to
tests/regressiontests/forms/tests/formsets.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-0306
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 .. |
|||||||
.pc
|
4.4.7 | 13 years ago | Bazaar Package Importer | New upstream stable release. |
|
||
|
debian
|
2 | 17 years ago | Bazaar Package Importer | [ Brett Parker ] * 0.95 release - initial packagin |
|
||
|
django
|
1 | 17 years ago | Bazaar Package Importer | Import upstream version 0.95 |
|
||
|
docs
|
1 | 17 years ago | Bazaar Package Importer | Import upstream version 0.95 |
|
||
|
extras
|
1 | 17 years ago | Bazaar Package Importer | Import upstream version 0.95 |
|
||
|
scripts
|
16 | 15 years ago | Bazaar Package Importer | * Merge from Debian (LP: #264191), remaining chang |
|
||
|
tests
|
1.3.4 | 14 years ago | Bazaar Package Importer | Import upstream version 1.2~alpha1 |
|
||
AUTHORS |
33 | 12 years ago | Bazaar Package Importer | * Team upload. [ Chris Lamb ] * Don't remove "bac | 18.7 KB |
|
|
|
INSTALL |
1.1.10 | 13 years ago | Bazaar Package Importer | Import upstream version 1.2 | 592 bytes |
|
|
|
LICENSE |
1.2.1 | 15 years ago | Bazaar Package Importer | Import upstream version 1.0 | 1.5 KB |
|
|
|
MANIFEST.in |
33 | 12 years ago | Bazaar Package Importer | * Team upload. [ Chris Lamb ] * Don't remove "bac | 1.4 KB |
|
|
|
PKG-INFO |
33 | 12 years ago | Bazaar Package Importer | * Team upload. [ Chris Lamb ] * Don't remove "bac | 1.1 KB |
|
|
|
README |
33 | 12 years ago | Bazaar Package Importer | * Team upload. [ Chris Lamb ] * Don't remove "bac | 1.7 KB |
|
|
|
setup.cfg |
30 | 13 years ago | Bazaar Package Importer | * SECURITY UPDATE: XSS in CSRF protections. New up | 108 bytes |
|
|
|
setup.py |
33 | 12 years ago | Bazaar Package Importer | * Team upload. [ Chris Lamb ] * Don't remove "bac | 4.2 KB |
|
|