Viewing all changes in revision 43.
- Committer: Package Import Robot
- Date: 2013-03-04 08:28:36 UTC
- Revision ID: package-import@ubuntu.com-20130304082836-tit5tomf5v6o4uic
* SECURITY UPDATE: host header poisoning (LP: #1089337)
- debian/patches/fix_get_host.patch: tighten host header validation in
django/http/__init__.py, add info to docs/topics/security.txt, add
tests to tests/regressiontests/requests/tests.py.
- https://www.djangoproject.com/weblog/2012/dec/10/security/
- No CVE number
* SECURITY UPDATE: redirect poisoning (LP: #1089337)
- debian/patches/fix_redirect_poisoning.patch: tighten validation in
django/contrib/auth/views.py,
django/contrib/comments/views/comments.py,
django/contrib/comments/views/moderation.py,
django/contrib/comments/views/utils.py, django/utils/http.py,
django/views/i18n.py, add tests to
tests/regressiontests/comment_tests/tests/comment_view_tests.py,
tests/regressiontests/comment_tests/tests/moderation_view_tests.py,
tests/regressiontests/views/tests/i18n.py.
- https://www.djangoproject.com/weblog/2012/dec/10/security/
- No CVE number
* SECURITY UPDATE: host header poisoning (LP: #1130445)
- debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting
to django/conf/global_settings.py,
django/conf/project_template/project_name/settings.py,
django/contrib/auth/tests/views.py,
django/contrib/contenttypes/tests.py, django/contrib/sites/tests.py,
django/http/__init__.py, django/test/utils.py, add docs to
docs/ref/settings.txt, docs/topics/security.txt, add tests to
tests/regressiontests/csrf_tests/tests.py,
tests/regressiontests/requests/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- No CVE number
* SECURITY UPDATE: XML attacks (LP: #1130445)
- debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion,
and external entities/DTDs in
django/core/serializers/xml_serializer.py, add tests to
tests/regressiontests/serializers_regress/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-1664
- CVE-2013-1665
* SECURITY UPDATE: Data leakage via admin history log (LP: #1130445)
- debian/patches/CVE-2013-0305.patch: add permission checks to history
view in django/contrib/admin/options.py, add tests to
tests/regressiontests/admin_views/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-0305
* SECURITY UPDATE: Formset denial-of-service (LP: #1130445)
- debian/patches/CVE-2013-0306.patch: limit maximum number of forms in
django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt,
docs/topics/forms/modelforms.txt, add tests to
tests/regressiontests/forms/tests/formsets.py,
tests/regressiontests/generic_inline_admin/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-0306
- debian/patches/fix_get_host.patch: tighten host header validation in
django/http/__init__.py, add info to docs/topics/security.txt, add
tests to tests/regressiontests/requests/tests.py.
- https://www.djangoproject.com/weblog/2012/dec/10/security/
- No CVE number
* SECURITY UPDATE: redirect poisoning (LP: #1089337)
- debian/patches/fix_redirect_poisoning.patch: tighten validation in
django/contrib/auth/views.py,
django/contrib/comments/views/comments.py,
django/contrib/comments/views/moderation.py,
django/contrib/comments/views/utils.py, django/utils/http.py,
django/views/i18n.py, add tests to
tests/regressiontests/comment_tests/tests/comment_view_tests.py,
tests/regressiontests/comment_tests/tests/moderation_view_tests.py,
tests/regressiontests/views/tests/i18n.py.
- https://www.djangoproject.com/weblog/2012/dec/10/security/
- No CVE number
* SECURITY UPDATE: host header poisoning (LP: #1130445)
- debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting
to django/conf/global_settings.py,
django/conf/project_template/project_name/settings.py,
django/contrib/auth/tests/views.py,
django/contrib/contenttypes/tests.py, django/contrib/sites/tests.py,
django/http/__init__.py, django/test/utils.py, add docs to
docs/ref/settings.txt, docs/topics/security.txt, add tests to
tests/regressiontests/csrf_tests/tests.py,
tests/regressiontests/requests/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- No CVE number
* SECURITY UPDATE: XML attacks (LP: #1130445)
- debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion,
and external entities/DTDs in
django/core/serializers/xml_serializer.py, add tests to
tests/regressiontests/serializers_regress/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-1664
- CVE-2013-1665
* SECURITY UPDATE: Data leakage via admin history log (LP: #1130445)
- debian/patches/CVE-2013-0305.patch: add permission checks to history
view in django/contrib/admin/options.py, add tests to
tests/regressiontests/admin_views/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-0305
* SECURITY UPDATE: Formset denial-of-service (LP: #1130445)
- debian/patches/CVE-2013-0306.patch: limit maximum number of forms in
django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt,
docs/topics/forms/modelforms.txt, add tests to
tests/regressiontests/forms/tests/formsets.py,
tests/regressiontests/generic_inline_admin/tests.py.
- https://www.djangoproject.com/weblog/2013/feb/19/security/
- CVE-2013-0306
- files added:
- .pc/CVE-2013-0305.patch
- .pc/CVE-2013-0305.patch/django
- .pc/CVE-2013-0305.patch/django/contrib
- .pc/CVE-2013-0305.patch/django/contrib/admin
- .pc/CVE-2013-0305.patch/tests
- .pc/CVE-2013-0305.patch/tests/regressiontests
- .pc/CVE-2013-0305.patch/tests/regressiontests/admin_views
- .pc/CVE-2013-0306.patch
- .pc/CVE-2013-0306.patch/django
- .pc/CVE-2013-0306.patch/django/forms
- .pc/CVE-2013-0306.patch/docs
- .pc/CVE-2013-0306.patch/docs/topics
- .pc/CVE-2013-0306.patch/docs/topics/forms
- .pc/CVE-2013-0306.patch/tests
- .pc/CVE-2013-0306.patch/tests/regressiontests
- .pc/CVE-2013-0306.patch/tests/regressiontests/forms
- .pc/CVE-2013-0306.patch/tests/regressiontests/forms/tests
- .pc/CVE-2013-0306.patch/tests/regressiontests/generic_inline_admin
- .pc/CVE-2013-166x.patch
- .pc/CVE-2013-166x.patch/django
- .pc/CVE-2013-166x.patch/django/core
- .pc/CVE-2013-166x.patch/django/core/serializers
- .pc/CVE-2013-166x.patch/tests
- .pc/CVE-2013-166x.patch/tests/regressiontests
- .pc/CVE-2013-166x.patch/tests/regressiontests/serializers_regress
- .pc/add_allowed_hosts.patch
- .pc/add_allowed_hosts.patch/django
- .pc/add_allowed_hosts.patch/django/conf
- .pc/add_allowed_hosts.patch/django/conf/project_template
- .pc/add_allowed_hosts.patch/django/conf/project_template/project_name
- .pc/add_allowed_hosts.patch/django/contrib
- .pc/add_allowed_hosts.patch/django/contrib/auth
- .pc/add_allowed_hosts.patch/django/contrib/auth/tests
- .pc/add_allowed_hosts.patch/django/contrib/contenttypes
- .pc/add_allowed_hosts.patch/django/contrib/sites
- .pc/add_allowed_hosts.patch/django/http
- .pc/add_allowed_hosts.patch/django/test
- .pc/add_allowed_hosts.patch/docs
- .pc/add_allowed_hosts.patch/docs/ref
- .pc/add_allowed_hosts.patch/docs/topics
- .pc/add_allowed_hosts.patch/tests
- .pc/add_allowed_hosts.patch/tests/regressiontests
- .pc/add_allowed_hosts.patch/tests/regressiontests/csrf_tests
- .pc/add_allowed_hosts.patch/tests/regressiontests/requests
- .pc/fix_get_host.patch
- .pc/fix_get_host.patch/django
- .pc/fix_get_host.patch/django/http
- .pc/fix_get_host.patch/docs
- .pc/fix_get_host.patch/docs/topics
- .pc/fix_get_host.patch/tests
- .pc/fix_get_host.patch/tests/regressiontests
- .pc/fix_get_host.patch/tests/regressiontests/requests
- .pc/fix_redirect_poisoning.patch
- .pc/fix_redirect_poisoning.patch/django
- .pc/fix_redirect_poisoning.patch/django/contrib
- .pc/fix_redirect_poisoning.patch/django/contrib/auth
- .pc/fix_redirect_poisoning.patch/django/contrib/comments
- .pc/fix_redirect_poisoning.patch/django/contrib/comments/views
- .pc/fix_redirect_poisoning.patch/django/utils
- .pc/fix_redirect_poisoning.patch/django/views
- .pc/fix_redirect_poisoning.patch/tests
- .pc/fix_redirect_poisoning.patch/tests/regressiontests
- .pc/fix_redirect_poisoning.patch/tests/regressiontests/comment_tests
- .pc/fix_redirect_poisoning.patch/tests/regressiontests/comment_tests/tests
- .pc/fix_redirect_poisoning.patch/tests/regressiontests/views
- .pc/fix_redirect_poisoning.patch/tests/regressiontests/views/tests
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
