python-django (1.4.1-2ubuntu0.7) quantal-security; urgency=medium

  * SECURITY UPDATE: cache coherency problems in old Internet Explorer
    compatibility functions lead to loss of privacy and cache poisoning
    attacks. (LP: #1317663)
    - debian/patches/drop_fix_ie_for_vary_1_4.diff: remove fix_IE_for_vary()
      and fix_IE_for_attach() functions so Cache-Control and Vary headers are
      no longer modified. This may introduce some regressions for IE 6 and IE 7
      users. Patch from upstream.
    - CVE-2014-1418
  * SECURITY UPDATE: The validation for redirects did not correctly validate
    some malformed URLs, which are accepted by some browsers. This allows a
    user to be redirected to an unsafe URL unexpectedly.
    - debian/patches/is_safe_url_1_4.diff: Forbid URLs starting with '///',
      forbid URLs without a host but with a path. Patch from upstream.

Date: 2014-05-14 19:22:12.830842+00:00
Changed-By: Seth Arnold <seth.arn...@canonical.com>
Signed-By: Ubuntu Archive Robot 
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/quantal/+source/python-django/1.4.1-2ubuntu0.7
Sorry, changesfile not available.
-- 
Quantal-changes mailing list
Quantal-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/quantal-changes

Reply via email to