CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2013/03/02 05:47:50
Modified files:
www/py-django : Makefile distinfo
www/py-django/pkg: PLIST
Log message:
SECURITY update; py-Django 1.4.5
https://www.djangoproject.com/weblog/2013/feb/19/security/
- Host header poisoning: an attacker could cause Django to generate
and display URLs that link to arbitrary domains.
- Formset denial-of-service: an attacker can abuse Django's tracking
of the number of forms in a formset to cause a denial-of-service attack.
- XML attacks: Django's serialization framework was vulnerable to
attacks via XML entity expansion and external references.
- Data leakage via admin history log: Django's admin interface could
expose supposedly-hidden information via its history log.
