UbuntuUpdates.org

Package "python-django"

Name: python-django

Description: High-level Python web development framework

Latest version: 1.3.1-4ubuntu1.23
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://www.djangoproject.com/

Other versions of "python-django" in Precise

Repository  Area  Version
base        main  1.3.1-4ubuntu1
security    main  1.3.1-4ubuntu1.23

Changelog

Version: 1.3.1-4ubuntu1.23 2017-04-04 20:06:25 UTC

  python-django (1.3.1-4ubuntu1.23) precise-security; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/regressiontests/utils/http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234

 -- Marc Deslauriers <email address hidden> Wed, 29 Mar 2017 07:49:05 -0400

CVE-2017-7233 Open redirect and possible XSS attack via user-supplied numeric redirect URLs
CVE-2017-7234 Open redirect vulnerability in django.views.static.serve()

Version: 1.3.1-4ubuntu1.22 2016-11-01 20:06:55 UTC

  python-django (1.3.1-4ubuntu1.22) precise-security; urgency=medium

  * SECURITY UPDATE: user with hardcoded password created when running
    tests on Oracle
    - debian/patches/CVE-2016-9013.patch: remove hardcoded password in
      django/db/backends/oracle/creation.py, added note to
      docs/ref/settings.txt.
    - CVE-2016-9013
  * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True
    - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in
      django/http/__init__.py, updated docs/ref/settings.txt, added test to
      tests/regressiontests/requests/tests.py.
    - CVE-2016-9014

 -- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 10:31:12 -0400

CVE-2016-9013 User with hardcoded password created when running tests on Oracle
CVE-2016-9014 DNS rebinding vulnerability when DEBUG=True

Version: 1.3.1-4ubuntu1.21 2016-09-27 16:06:38 UTC

  python-django (1.3.1-4ubuntu1.21) precise-security; urgency=medium

  * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics
    - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in
      django/http/__init__.py, add tests to
      tests/regressiontests/httpwrappers/tests.py,
      tests/regressiontests/requests/tests.py.
    - CVE-2016-7401

 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2016 07:45:02 -0400

Version: 1.3.1-4ubuntu1.20 2016-03-01 20:07:01 UTC

  python-django (1.3.1-4ubuntu1.20) precise-security; urgency=medium

  * SECURITY UPDATE: malicious redirect and possible XSS attack via
    user-supplied redirect URLs containing basic auth
    - debian/patches/CVE-2016-2512.patch: prevent spoofing in
      django/utils/http.py, added test to
      django/contrib/auth/tests/views.py.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2016 15:29:31 -0500

CVE-2016-2512 RESERVED

Version: 1.3.1-4ubuntu1.19 2015-11-24 20:06:36 UTC

  python-django (1.3.1-4ubuntu1.19) precise-security; urgency=medium

  * SECURITY UPDATE: Settings leak possibility in date template filter
    - debian/patches/CVE-2015-8213.patch: check format type in
      django/utils/formats.py, added test to
      tests/regressiontests/i18n/tests.py.
    - CVE-2015-8213

 -- Marc Deslauriers Wed, 18 Nov 2015 15:19:37 -0500

CVE-2015-8213 Fixed settings leak possibility in date template filter


