← Back to branch summary

~ubuntu-branches/ubuntu/saucy/python-django/saucy-updates

  • Committer: Package Import Robot
  • Author(s): Seth Arnold
  • Date: 2014-05-14 11:00:30 UTC
  • Revision ID: package-import@ubuntu.com-20140514110030-yhmd7dx55yxd735g
Tags: 1.5.4-1ubuntu1.3
https://launchpad.net/bugs/1317663
* SECURITY UPDATE: cache coherency problems in old Internet Explorer
  compatibility functions lead to loss of privacy and cache poisoning
  attacks. (LP: #1317663)
  - debian/patches/drop_fix_ie_for_vary_1_5.diff: remove fix_IE_for_vary()
    and fix_IE_for_attach() functions so Cache-Control and Vary headers are
    no longer modified. This may introduce some regressions for IE 6 and IE 7
    users. Patch from upstream.
  - CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
  some malformed URLs, which are accepted by some browsers. This allows a
  user to be redirected to an unsafe URL unexpectedly.
  - debian/patches/is_safe_url_1_5.diff: Forbid URLs starting with '///',
    forbid URLs without a host but with a path. Patch from upstream.
Filename Latest Rev Last Changed Committer Comment Size
..
File csrf_migration_helper.py 1.3.7 11 years ago Package Import Robot Import upstream version 1.5 12.7 KB Diff Download File
File django_bash_completion 28 14 years ago Bazaar Package Importer New upstream stable release. 2.2 KB Diff Download File
Makefile 1.3.9 11 years ago Package Import Robot Import upstream version 1.5.2 239 bytes Diff Download File
README.TXT 1 18 years ago Bazaar Package Importer Import upstream version 0.95 77 bytes Diff Download File