UbuntuUpdates.org

Package "python-django"

Name: python-django

Description:

High-level Python web development framework

Latest version: 1.6.11-0ubuntu1.3
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://www.djangoproject.com/

Other versions of "python-django" in Trusty

Repository  Area  Version
base        main  1.6.1-2
security    main  1.6.11-0ubuntu1.3

Changelog

Version: 1.6.1-2ubuntu0.15 2016-09-27 16:06:40 UTC

  python-django (1.6.1-2ubuntu0.15) trusty-security; urgency=medium

  * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics
    - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in
      django/http/cookie.py, add tests to tests/httpwrappers/tests.py,
      tests/requests/tests.py.
    - CVE-2016-7401

 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2016 07:36:53 -0400

Version: 1.6.1-2ubuntu0.14 2016-03-07 21:06:26 UTC

  python-django (1.6.1-2ubuntu0.14) trusty-security; urgency=medium

  * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
    - debian/patches/CVE-2016-2512-regression.patch: updated to final
      upstream fix.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden> Mon, 07 Mar 2016 08:50:01 -0500

1553251 USN-2915-1 introduced a regression in is_safe_url()
CVE-2016-2512 RESERVED

Version: 1.6.1-2ubuntu0.13 2016-03-07 15:06:28 UTC

  python-django (1.6.1-2ubuntu0.13) trusty-security; urgency=medium

  * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
    - debian/patches/CVE-2016-2512-regression.patch: force url to unicode
      in django/utils/http.py, added test to
      tests/utils_tests/test_http.py.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 11:07:40 -0500

1553251 USN-2915-1 introduced a regression in is_safe_url()
CVE-2016-2512 RESERVED

Version: 1.6.1-2ubuntu0.12 2016-03-01 20:07:04 UTC

  python-django (1.6.1-2ubuntu0.12) trusty-security; urgency=medium

  * SECURITY UPDATE: malicious redirect and possible XSS attack via
    user-supplied redirect URLs containing basic auth
    - debian/patches/CVE-2016-2512.patch: prevent spoofing in
      django/utils/http.py, added test to tests/utils_tests/test_http.py.
    - CVE-2016-2512
  * SECURITY UPDATE: user enumeration through timing difference on password
    hasher work factor upgrade
    - debian/patches/CVE-2016-2513.patch: fix timing in
      django/contrib/auth/hashers.py, added note to
      docs/topics/auth/passwords.txt, added tests to
      django/contrib/auth/tests/test_hashers.py.
    - debian/control: added python-mock to Build-Depends
    - CVE-2016-2513

 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2016 14:41:20 -0500

CVE-2016-2512 RESERVED
CVE-2016-2513 RESERVED

Version: 1.6.1-2ubuntu0.11 2015-11-24 20:06:38 UTC

  python-django (1.6.1-2ubuntu0.11) trusty-security; urgency=medium

  * SECURITY UPDATE: Settings leak possibility in date template filter
    - debian/patches/CVE-2015-8213.patch: check format type in
      django/utils/formats.py, added test to tests/i18n/tests.py.
    - CVE-2015-8213

 -- Marc Deslauriers Wed, 18 Nov 2015 15:15:27 -0500

CVE-2015-8213 Fixed settings leak possibility in date template filter


