~ubuntu-branches/ubuntu/oneiric/python-django/oneiric-security

Viewing all changes in revision 31.

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2011-01-03 10:12:39 UTC
  • Revision ID: james.westby@ubuntu.com-20110103101239-c4zp11x3ctrrrr3l
Tags: 1.2.3-1ubuntu0.2.11.04.1
* SECURITY UPDATE: information leak in admin interface
  - debian/patches/07_security_admin_infoleak.diff: validate that querystring
    lookup arguments either specify only fields on the model being viewed,
    or cross relations which have been explicitly whitelisted.
  - CVE-2010-XXXX
* SECURITY UPDATE:
  - debian/patches/08_security_pasword_reset_dos.diff: adjust the
    base36_to_int() function in django.utils.http to validate the
    length of its input; on input longer than 13 digits (sufficient to
    base36-encode any 64-bit integer), it will now raise ValueError.
    Additionally, the default URL patterns for django.contrib.auth will now
    enforce a maximum length on the relevant parameters.
  - CVE-2010-XXXX
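
The two layers the second changelog entry describes (a length check in the decoder, and a bounded length in the URL pattern), as an added example that is not the Django or Ubuntu patch itself. The `reset/` path, the token character class and its 40-character bound, `int_to_base36`, and `resolve_reset` are assumptions made for illustration; only the 13-digit limit and the ValueError come from the changelog.

```python
import re

MAX_BASE36_DIGITS = 13  # per the changelog: enough for any 64-bit integer


def int_to_base36(n):
    """Encode a non-negative integer as lowercase base36 (illustrative helper)."""
    digits = "0123456789abcdefghijklmnopqrstuvwxyz"
    if n < 0:
        raise ValueError("negative values are not supported")
    out = ""
    while True:
        n, r = divmod(n, 36)
        out = digits[r] + out
        if n == 0:
            return out


def base36_to_int(s):
    """Decode base36, rejecting input longer than 13 digits before parsing."""
    if len(s) > MAX_BASE36_DIGITS:
        raise ValueError("base36 input too large")
    return int(s, 36)


# Hypothetical URL pattern (not the shipped one): bounded quantifiers reject
# over-long parameters at routing time, before any view code runs.
RESET_URL = re.compile(
    r"^reset/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z-]{1,40})/$"
)


def resolve_reset(path):
    """Return the decoded user id, or None when the path is rejected."""
    m = RESET_URL.match(path)
    if m is None:
        return None
    try:
        return base36_to_int(m.group("uidb36"))
    except ValueError:
        return None
```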
