46
|
|
* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating URLs pointing to other hosts in django/core/urlresolvers.py, added tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py. - CVE-2014-0480 * SECURITY UPDATE: denial of service via file upload handling - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in django/core/files/storage.py, updated docs in docs/howto/custom-file-storage.txt, docs/ref/files/storage.txt, added tests to tests/modeltests/files/tests.py, tests/regressiontests/file_storage/tests.py, backport get_random_string() to django/utils/crypto.py. - CVE-2014-0481 * SECURITY UPDATE: web session hijack via REMOTE_USER header - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to logout on REMOTE_USE change in django/contrib/auth/middleware.py, added test to django/contrib/auth/tests/remote_user.py. - CVE-2014-0482 * SECURITY UPDATE: data leak in contrib.admin via query string manipulation - debian/patches/CVE-2014-0483.patch: validate to_field in django/contrib/admin/{options,exceptions}.py, django/contrib/admin/views/main.py, added tests to tests/regressiontests/admin_views/tests.py. - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in django/contrib/admin/options.py, added tests to tests/regressiontests/admin_views/{models,tests}.py. - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in django/contrib/admin/options.py, added tests to tests/regressiontests/admin_views/{models,tests}.py. - CVE-2014-0483
|
Marc Deslauriers |
1.3.1-4ubuntu1.12 |
9 years ago
|
|
|
45
|
|
|
Seth Arnold |
1.3.1-4ubuntu1.11 |
9 years ago
|
|
|
44
|
|
|
Marc Deslauriers |
1.3.1-4ubuntu1.10 |
9 years ago
|
|
|
43
|
|
|
Marc Deslauriers |
1.3.1-4ubuntu1.9 |
10 years ago
|
|
|
42
|
|
|
Marc Deslauriers |
1.3.1-4ubuntu1.8 |
10 years ago
|
|
|
41
|
|
* SECURITY UPDATE: host header poisoning (LP: #1089337) - debian/patches/fix_get_host.patch: tighten host header validation in django/http/__init__.py, add tests to tests/regressiontests/requests/tests.py. - https://www.djangoproject.com/weblog/2012/dec/10/security/ - No CVE number * SECURITY UPDATE: redirect poisoning (LP: #1089337) - debian/patches/fix_redirect_poisoning.patch: tighten validation in django/contrib/auth/views.py, django/contrib/comments/views/comments.py, django/contrib/comments/views/moderation.py, django/contrib/comments/views/utils.py, django/utils/http.py, django/views/i18n.py, add tests to tests/regressiontests/comment_tests/tests/comment_view_tests.py, tests/regressiontests/comment_tests/tests/moderation_view_tests.py, tests/regressiontests/views/tests/i18n.py. - https://www.djangoproject.com/weblog/2012/dec/10/security/ - No CVE number * SECURITY UPDATE: host header poisoning (LP: #1130445) - debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting to django/conf/global_settings.py, django/conf/project_template/settings.py, django/http/__init__.py, django/test/utils.py, add docs to docs/ref/settings.txt, add tests to tests/regressiontests/requests/tests.py. - https://www.djangoproject.com/weblog/2013/feb/19/security/ - No CVE number * SECURITY UPDATE: XML attacks (LP: #1130445) - debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion, and external entities/DTDs in django/core/serializers/xml_serializer.py, add tests to tests/regressiontests/serializers_regress/tests.py. - https://www.djangoproject.com/weblog/2013/feb/19/security/ - CVE-2013-1664 - CVE-2013-1665 * SECURITY UPDATE: Data leakage via admin history log (LP: #1130445) - debian/patches/CVE-2013-0305.patch: add permission checks to history view in django/contrib/admin/options.py, add tests to tests/regressiontests/admin_views/tests.py. - https://www.djangoproject.com/weblog/2013/feb/19/security/ - CVE-2013-0305 * SECURITY UPDATE: Formset denial-of-service (LP: #1130445) - debian/patches/CVE-2013-0306.patch: limit maximum number of forms in django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt, docs/topics/forms/modelforms.txt, add tests to tests/regressiontests/forms/tests/formsets.py. - https://www.djangoproject.com/weblog/2013/feb/19/security/ - CVE-2013-0306
|
Marc Deslauriers |
1.3.1-4ubuntu1.6 |
11 years ago
|
|
|
40
|
|
|
Jamie Strandboge |
1.3.1-4ubuntu1.4 |
11 years ago
|
|
|
39
|
|
|
Jamie Strandboge |
1.3.1-4ubuntu1.3 |
11 years ago
|
|
|
38
|
|
|
Marc Deslauriers |
1.3.1-4ubuntu1.2 |
11 years ago
|
|
|
37
|
|
|
Dave Walker (Daviey) |
1.3.1-4ubuntu1 |
12 years ago
|
|
|
36
|
|
|
Barry Warsaw |
1.3.1-1ubuntu1 |
12 years ago
|
|
|
35
|
|
|
Raphaël Hertzog |
1.3.1-1 |
12 years ago
|
|
|
34
|
|
|
Barry Warsaw |
1.3-2ubuntu1 |
12 years ago
|
|
|
33
|
|
|
Piotr Ożarowski |
1.3-2 |
12 years ago
|
|
|
32
|
|
|
Jamie Strandboge |
1.2.5-1ubuntu1 |
13 years ago
|
|
|
31
|
|
|
Jamie Strandboge |
1.2.3-1ubuntu0.2.11.04.1 |
13 years ago
|
|
|
30
|
|
|
Jamie Strandboge |
1.2.3-1ubuntu0.1 |
13 years ago
|
|
|
29
|
|
|
Chris Lamb |
1.2.1-1 |
13 years ago
|
|
|
28
|
|
|
Chris Lamb |
1.2-1 |
13 years ago
|
|
|
27
|
|
|
James Westby |
1.1.1-2ubuntu1 |
14 years ago
|
|
|