- Committer: Package Import Robot
- Author(s): Marc Deslauriers
- Date: 2013-09-20 09:20:38 UTC
- mfrom: (40.1.2 precise-security)
- Revision ID: package-import@ubuntu.com-20130920092038-bafa45r3ggjm152t
Tags: 1.3.1-4ubuntu1.8
* SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
  - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
    in django/contrib/auth/forms.py, django/contrib/auth/models.py,
    django/contrib/auth/tests/basic.py.
  - CVE-2013-1443
* SECURITY UPDATE: directory traversal with ssi template tag
  - debian/patches/CVE-2013-4315.patch: properly check absolute path in
    django/template/defaulttags.py,
    tests/regressiontests/templates/tests.py.
  - CVE-2013-4315
* SECURITY UPDATE: possible XSS via is_safe_url
  - debian/patches/security-is_safe_url.patch: properly reject URLs which
    specify a scheme other than HTTP or HTTPS.
  - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
  - No CVE number