CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2013/03/03 05:33:18
Modified files:
www/py-django : Tag: OPENBSD_5_2 Makefile distinfo
www/py-django/pkg: Tag: OPENBSD_5_2 PLIST
Log message:
MFC py-django SECURITY update to 1.4.5, reminded by maintainer.
https://www.djangoproject.com/weblog/2013/feb/19/security/
- Host header poisoning: an attacker could cause Django to generate
  and display URLs that link to arbitrary domains.
- Formset denial-of-service: an attacker can abuse Django's tracking
  of the number of forms in a formset to cause a denial-of-service attack.
- XML attacks: Django's serialization framework was vulnerable to
  attacks via XML entity expansion and external references.
- Data leakage via admin history log: Django's admin interface could
  expose supposedly-hidden information via its history log.