~ubuntu-branches/ubuntu/quantal/python-django/quantal-security

Viewing all changes in revision 44.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2013-09-20 09:05:04 UTC
  • Revision ID: package-import@ubuntu.com-20130920090504-besdaznwwrmo5a4j
Tags: 1.4.1-2ubuntu0.4
* SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
  - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
    in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
    django/contrib/auth/tests/hashers.py.
  - CVE-2013-1443
* SECURITY UPDATE: directory traversal with ssi template tag
  - debian/patches/CVE-2013-4315.patch: properly check absolute path in
    django/template/defaulttags.py,
    tests/regressiontests/templates/tests.py.
  - CVE-2013-4315
* SECURITY UPDATE: possible XSS via is_safe_url
  - debian/patches/security-is_safe_url.patch: properly reject URLs which
    specify a scheme other then HTTP or HTTPS.
  - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
  - No CVE number
* debian/patches/fix-validation-tests.patch: fix regression in tests
  since example.com is now available via https.

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: