-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-2843 2013-02-23 00:27:13 --------------------------------------------------------------------------------
Name : python-django Product : Fedora 18 Version : 1.4.5 Release : 2.fc18 URL : http://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. -------------------------------------------------------------------------------- Update Information: Update to Django-1.4.4, security fixes. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 21 2013 Matthias Runge <[email protected]> - 1.4.5-2 - update to latest stable upstream version - fix minor packaging issues introduced upstream * Wed Feb 20 2013 Matthias Runge <[email protected]> - 1.4.4-1 - update to 1.4.4 (rhbz #913024) - Data leakage via admin history log CVE-2013-0305 (rhbz #913041) - Formset denial-of-service CVE-2013-0306 (rhbz #913042) * Thu Feb 14 2013 Fedora Release Engineering <[email protected]> - 1.4.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Jan 24 2013 Matthias Runge <[email protected]> - 1.4.3-2 - also obsolete version 1.4.3-1 * Sun Jan 13 2013 Matthias Runge <[email protected]> - 1.4.3-2 - own directories (rhbz#894533) * Tue Dec 11 2012 Matthias Runge <[email protected]> - 1.4.3-1 - security update to upstream version 1.4.3 https://www.djangoproject.com/weblog/2012/dec/10/security/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #913037 - Django: Host header poisoning hardening https://bugzilla.redhat.com/show_bug.cgi?id=913037 [ 2 ] Bug #913039 - Django: XML entity attacks https://bugzilla.redhat.com/show_bug.cgi?id=913039 [ 3 ] Bug #913041 - CVE-2013-0305 Django: Data leakage via admin history log https://bugzilla.redhat.com/show_bug.cgi?id=913041 [ 4 ] Bug #913042 - CVE-2013-0306 Django: Formset denial-of-service https://bugzilla.redhat.com/show_bug.cgi?id=913042 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update python-django' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
