lp://staging/ubuntu/saucy-updates/python-django
- Get this branch:
- bzr branch lp://staging/ubuntu/saucy-updates/python-django
Recent revisions
- 53. By Seth Arnold
-
* SECURITY UPDATE: cache coherency problems in old Internet Explorer
compatibility functions lead to loss of privacy and cache poisoning
attacks. (LP: #1317663)
- debian/patches/drop_fix_ie_for_vary_1_5.diff: remove fix_IE_for_vary()
and fix_IE_for_attach() functions so Cache-Control and Vary headers are
no longer modified. This may introduce some regressions for IE 6 and IE 7
users. Patch from upstream.
- CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
some malformed URLs, which are accepted by some browsers. This allows a
user to be redirected to an unsafe URL unexpectedly.
- debian/patches/is_safe_url_1_5.diff: Forbid URLs starting with '///',
forbid URLs without a host but with a path. Patch from upstream.
- 52. By Marc Deslauriers
-
* SECURITY REGRESSION: security fix regression when a view is a partial
(LP: #1311433)
- debian/patches/CVE-2014-0472-regression.patch: create the lookup_str
from the original function whenever a partial is provided as an
argument to a url pattern in django/core/urlresolvers.py,
added tests to tests/regressiontests/urlpatterns_reverse/urls.py,
tests/regressiontests/urlpatterns_reverse/views.py.
- CVE-2014-0472
- 51. By Marc Deslauriers
-
* SECURITY UPDATE: unexpected code execution using reverse()
(LP: #1309779)
- debian/patches/CVE-2014-0472.patch: added filtering to
django/core/urlresolvers.py, added tests to
tests/regressiontests/urlpatterns_reverse/nonimported_module.py,
tests/regressiontests/urlpatterns_reverse/tests.py,
tests/regressiontests/urlpatterns_reverse/urls.py,
tests/regressiontests/urlpatterns_reverse/views.py.
- CVE-2014-0472
* SECURITY UPDATE: caching of anonymous pages could reveal CSRF token
(LP: #1309782)
- debian/patches/CVE-2014-0473.patch: don't cache responses with a
cookie in django/middleware/cache.py, added tests to
tests/regressiontests/cache/tests.py.
- CVE-2014-0473
* SECURITY UPDATE: MySQL typecasting issue (LP: #1309784)
- debian/patches/CVE-2014-0474.patch: convert arguments to correct
type in django/db/models/fields/__init__.py, updated docs in
docs/howto/custom-model-fields.txt, docs/ref/databases.txt,
docs/ref/models/querysets.txt, docs/topics/db/sql.txt, added tests to
tests/regressiontests/model_fields/tests.py.
- CVE-2014-0474
- 49. By Luke Faraone
-
* New upstream security release. Fixes CVE-2013-1443. Closes: #723043.
https://www.djangoproject.com/weblog/2013/sep/15/security/
- Denial-of-service via large passwords. CVE-2013-1443
- 48. By Raphaël Hertzog
-
* New upstream security release. Fixes CVE-2013-4315. Closes: #722605
https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/
- Directory traversal with ssi template tag
* Update doc-base file to drop some removed directory in the HTML doc.
* Update Standards-Version to 3.9.4.
* Bump debhelper compat level to 9.
- 47. By Luke Faraone
-
* New upstream security release.
https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
- Cross-site scripting (XSS) in admin interface
- Possible XSS via is_safe_url
- 46. By Luke Faraone
-
[ Jakub Wilk ]
* Use canonical URIs for Vcs-* fields.
[ Luke Faraone ]
* Upload to unstable.
- 45. By Raphaël Hertzog
-
* New upstream maintenance release dropping some undesired .pyc files
and fixing a documentation link.
* High urgency due to former security updates.
- 44. By Raphaël Hertzog
-
* New upstream security and maintenance release. Closes: #696535
https://www.djangoproject.com/weblog/2012/dec/10/security/
* Drop debian/patches/01_fix-self-tests.diff, merged upstream.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/utopic/python-django