~ubuntu-branches/ubuntu/quantal/python-django/quantal-security

Viewing all changes in revision 41.

  • Committer: Package Import Robot
  • Author(s): Jamie Strandboge
  • Date: 2012-11-09 15:53:27 UTC
  • Revision ID: package-import@ubuntu.com-20121109155327-r1mb8j8nyh97lhqp
Tags: 1.4.1-2ubuntu0.1
* SECURITY UPDATE: fix Host header poisoning
  - debian/patches/CVE-2012-4520.diff: adjust HttpRequest.get_host() to
    raise django.core.exceptions.SuspiciousOperation if Host headers contain
    potentially dangerous content. Patch thanks to Mackenzie Morgan.
  - CVE-2012-4520
  - LP: #1068486
* debian/patches/docs-update-httponly-cookie.diff: update documentation of
  HttpOnly cookie option to correctly describe changes to 1.4

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: