[ubuntu/lucid-security] python-django 1.1.1-2ubuntu1.5 (Accepted)

Marc Deslauriers Mon, 10 Sep 2012 05:35:39 -0700

python-django (1.1.1-2ubuntu1.5) lucid-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting in authentication views
    (LP: #1031733)
    - debian/patches/16_fix_cross_site_scripting_in_authentication.diff:
      fix unsafe redirects indjango/http/__init__.py. Patch backported from
      Debian Squeeze and fixed for python 2.4 compatibility.
    - CVE-2012-3442
  * SECURITY UPDATE: Denial-of-service in image validation (LP: #1031733)
    - debian/patches/17_fix_dos_in_image_validation.diff: call verify()
      immediately after the constructor in django/forms/fields.py.
    - CVE-2012-3443
  * SECURITY UPDATE: Denial-of-service via get_image_dimensions()
    (LP: #1031733)
    - debian/patches/18_fix_dos_via_get_image_dimensions.diff: don't limit
      chunk size in django/core/files/images.py.
    - CVE-2012-3444


Date: 2012-09-06 14:20:10.882025+00:00
Changed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/lucid/+source/python-django/1.1.1-2ubuntu1.5

Sorry, changesfile not available.

-- 
Lucid-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/lucid-changes

[ubuntu/lucid-security] python-django 1.1.1-2ubuntu1.5 (Accepted)

Reply via email to