Package "python-django-doc"
Name: python-django-doc
Description: High-level Python web development framework (documentation)
Latest version: 1.3.1-4ubuntu1.23
Release: precise (12.04)
Level: security
Repository: main
Head package: python-django
Homepage: http://www.djangoproject.com/
Changelog
python-django (1.3.1-4ubuntu1.18) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service by filling session store
    - debian/patches/CVE-2015-596x.patch: don't create empty sessions in
      django/contrib/sessions/backends/base.py,
      django/contrib/sessions/backends/cached_db.py,
      django/contrib/sessions/middleware.py, added tests to
      django/contrib/sessions/tests.py, updated docs in
      docs/topics/http/sessions.txt.
    - CVE-2015-5963
    - CVE-2015-5964

 -- Marc Deslauriers Thu, 13 Aug 2015 12:00:17 -0400
python-django (1.3.1-4ubuntu1.17) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via empty session records
    - debian/patches/no_implicit_session_key.patch: don't perform implicit
      initialization of the session key on the first access in
      django/contrib/sessions/backends/base.py,
      django/contrib/sessions/backends/cache.py,
      django/contrib/sessions/backends/cached_db.py,
      django/contrib/sessions/backends/db.py,
      django/contrib/sessions/backends/file.py,
      adjusted tests in django/contrib/sessions/tests.py,
      tests/regressiontests/test_client_regress/session.py.
    - debian/patches/CVE-2015-5143.patch: avoid creating a session record
      when loading the session in
      django/contrib/sessions/backends/cache.py,
      django/contrib/sessions/backends/cached_db.py,
      django/contrib/sessions/backends/db.py,
      django/contrib/sessions/backends/file.py,
      added test to django/contrib/sessions/tests.py.
    - CVE-2015-5143
  * SECURITY UPDATE: header injection via newlines
    - debian/patches/CVE-2015-5144.patch: check for newlines in
      django/core/validators.py, added tests to
      tests/modeltests/validators/tests.py.
    - CVE-2015-5144

 -- Marc Deslauriers Thu, 02 Jul 2015 11:52:43 -0400
CVE-2015-5143: denial-of-service possibility by filling session store
CVE-2015-5144: header injection possibility since validators accept newlines in input
python-django (1.3.1-4ubuntu1.16) precise-security; urgency=medium

  * SECURITY UPDATE: XSS attack via user-supplied redirect URLs
    - debian/patches/CVE-2015-2317.patch: reject URLs that start with
      control characters in django/utils/http.py, added test to
      tests/regressiontests/utils/http.py.
    - CVE-2015-2317

 -- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 10:42:41 -0400
CVE-2015-2317: Mitigated possible XSS attack via user-supplied redirect URLs
python-django (1.3.1-4ubuntu1.15) precise-security; urgency=medium

  * SECURITY REGRESSION: static serve failure (LP: #1417274)
    - debian/patches/CVE-2015-0221-regression.patch: allow GZipMiddleware
      to work with streaming responses in django/middleware/gzip.py,
      django/utils/text.py, django/http/__init__.py, added tests to
      tests/regressiontests/middleware/tests.py.

 -- Marc Deslauriers <email address hidden> Wed, 04 Feb 2015 09:03:07 -0500
1417274: CVE-2015-0221 backport broke serving static content through GZipMiddleware
CVE-2015-0221: RESERVED
python-django (1.3.1-4ubuntu1.13) precise-security; urgency=medium

  * SECURITY UPDATE: WSGI header spoofing via underscore/dash conflation
    - debian/patches/CVE-2015-0219.patch: strip headers with underscores in
      django/core/servers/basehttp.py, added test to
      tests/regressiontests/servers/tests.py.
    - CVE-2015-0219
  * SECURITY UPDATE: Mitigated possible XSS attack via user-supplied
    redirect URLs
    - debian/patches/CVE-2015-0220.patch: filter url in
      django/utils/http.py, added test to
      tests/regressiontests/utils/http.py.
    - CVE-2015-0220
  * SECURITY UPDATE: Denial-of-service attack against
    django.views.static.serve
    - debian/patches/CVE-2015-0221.patch: limit large files in
      django/views/static.py, added test to
      tests/regressiontests/views/media/long-line.txt,
      tests/regressiontests/views/tests/static.py.
    - CVE-2015-0221

 -- Marc Deslauriers <email address hidden> Tue, 13 Jan 2015 07:55:08 -0500