python-django (1.2.5-1ubuntu1.2) natty-security; urgency=low
* SECURITY UPDATE: Cross-site scripting in authentication views
(LP: #1031733)
- debian/patches/16_fix_cross_site_scripting_in_authentication.diff:
fix unsafe redirects indjango/http/__init__.py, add test case to
tests/regressiontests/httpwrappers/tests.py. Patch backport taken
from Debian Squeeze and fixed for python 2.4 compatibility.
- CVE-2012-3442
* SECURITY UPDATE: Denial-of-service in image validation (LP: #1031733)
- debian/patches/17_fix_dos_in_image_validation.diff: call verify()
immediately after the constructor in django/forms/fields.py.
- CVE-2012-3443
* SECURITY UPDATE: Denial-of-service via get_image_dimensions()
(LP: #1031733)
- debian/patches/18_fix_dos_via_get_image_dimensions.diff: don't limit
chunk size in django/core/files/images.py.
- CVE-2012-3444
Date: 2012-09-06 14:20:14.708305+00:00
Changed-By: Marc Deslauriers <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/natty/+source/python-django/1.2.5-1ubuntu1.2
Sorry, changesfile not available.
--
Natty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/natty-changes
