Branches for Maverick

Name Status Last Modified Last Commit
lp://staging/ubuntu/maverick/python-django 2 Mature 2010-05-24 22:44:32 UTC
29. New upstream bugfix release.

Author: lamby
Revision Date: 2010-05-24 22:44:32 UTC

New upstream bugfix release.

lp://staging/ubuntu/maverick-security/python-django bug 2 Mature 2011-12-07 15:52:55 UTC
33. * SECURITY UPDATE: session manipulati...

Author: Jamie Strandboge
Revision Date: 2011-12-07 15:52:55 UTC

* SECURITY UPDATE: session manipulation when using django.contrib.sessions
  with memory-based sessions and caching
  - debian/patches/CVE-2011-4136.patch: use namespace of cache to store keys
    for session instead of root namespace
  - CVE-2011-4136
* SECURITY UPDATE: potential denial of service and information disclosure in
  URLField
  - debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by
    default and use a timeout if available.
  - CVE-2011-4137, CVE-2011-4138
* SECURITY UPDATE: potential cache-poisoning via crafted Host header
  - debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by
    default when constructing full URLs
  - CVE-2011-4139
* debian/patches/01_disable_url_verify_regression_tests.diff: remove the
  test_correct_url_but_nonexisting_gives_404() test from the
  modeltests/validation/tests.py too. Not sure how it passed before, but
  this makes the CVE-2011-4137+4138.patch consistent with our other releases
  since the upstream fix for CVE-2011-4137+4138.patch removed this test too.
* More information on these issues can be found at:
  https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/

lp://staging/ubuntu/maverick-updates/python-django 2 Mature 2011-12-07 15:52:55 UTC
33. * SECURITY UPDATE: session manipulati...

Author: Jamie Strandboge
Revision Date: 2011-12-07 15:52:55 UTC

* SECURITY UPDATE: session manipulation when using django.contrib.sessions
  with memory-based sessions and caching
  - debian/patches/CVE-2011-4136.patch: use namespace of cache to store keys
    for session instead of root namespace
  - CVE-2011-4136
* SECURITY UPDATE: potential denial of service and information disclosure in
  URLField
  - debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by
    default and use a timeout if available.
  - CVE-2011-4137, CVE-2011-4138
* SECURITY UPDATE: potential cache-poisoning via crafted Host header
  - debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by
    default when constructing full URLs
  - CVE-2011-4139
* debian/patches/01_disable_url_verify_regression_tests.diff: remove the
  test_correct_url_but_nonexisting_gives_404() test from the
  modeltests/validation/tests.py too. Not sure how it passed before, but
  this makes the CVE-2011-4137+4138.patch consistent with our other releases
  since the upstream fix for CVE-2011-4137+4138.patch removed this test too.
* More information on these issues can be found at:
  https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/

lp://staging/~kklimonda/ubuntu/maverick/python-django/lp.636482 bug 1 Development 2010-09-21 18:57:18 UTC
42. add .pc part of the patch

Author: Krzysztof Klimonda
Revision Date: 2010-09-21 18:57:18 UTC

add .pc part of the patch

1-4 of 4 results