python-django (1.8.7-1ubuntu2) xenial; urgency=medium * SECURITY UPDATE: malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth - debian/patches/CVE-2016-2512.patch: prevent spoofing in django/utils/http.py, added test to tests/utils_tests/test_http.py. - CVE-2016-2512 * SECURITY UPDATE: user enumeration through timing difference on password hasher work factor upgrade - debian/patches/CVE-2016-2513.patch: fix timing in django/contrib/auth/hashers.py, added note to docs/topics/auth/passwords.txt, added tests to tests/auth_tests/test_hashers.py. - CVE-2016-2513
Date: Thu, 25 Feb 2016 10:02:48 -0500 Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 25 Feb 2016 10:02:48 -0500 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Architecture: source Version: 1.8.7-1ubuntu2 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Changes: python-django (1.8.7-1ubuntu2) xenial; urgency=medium . * SECURITY UPDATE: malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth - debian/patches/CVE-2016-2512.patch: prevent spoofing in django/utils/http.py, added test to tests/utils_tests/test_http.py. - CVE-2016-2512 * SECURITY UPDATE: user enumeration through timing difference on password hasher work factor upgrade - debian/patches/CVE-2016-2513.patch: fix timing in django/contrib/auth/hashers.py, added note to docs/topics/auth/passwords.txt, added tests to tests/auth_tests/test_hashers.py. - CVE-2016-2513 Checksums-Sha1: 9648adeebaec8ed8a8f59932a45b97ef9b4143d6 2787 python-django_1.8.7-1ubuntu2.dsc fcfc2c3cfb98870b105d6f1402da6c3e4ffeafe4 29452 python-django_1.8.7-1ubuntu2.debian.tar.xz Checksums-Sha256: 3281b551630e5204f0054b3647f616395d87f49b8fac8520c32d5a55f474ca75 2787 python-django_1.8.7-1ubuntu2.dsc 459e9a65c16bdcf76de4f2efb822ee3cfe16ca1f2a58d47ac16e28a36dfc1f66 29452 python-django_1.8.7-1ubuntu2.debian.tar.xz Files: ff9897ac48d2f2925305f7787d257609 2787 python optional python-django_1.8.7-1ubuntu2.dsc 47255d928d69837a8efc78d18ab70ec6 29452 python optional python-django_1.8.7-1ubuntu2.debian.tar.xz Original-Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJW1ebqAAoJEGVp2FWnRL6TRHcP/3fSDnnnEEU8ttJ96tQreBSP UoPl+efayQYOAhO2Nyi0VfKvLLNfZg9ULiWsAJiXmYjCc9PkwKbAmJ3GGYWUmzdt ypJ3oaHUodxRhLzXAeMvfU4IMiGMyw4Ht0MF2uM7FJKv9gyQnlG/7sL5L9XXTvtr RU6HMoUVswLDi3ghn2tz0bG6ntdvbEshPBGYNgPpp4REeUTK3iK8edLtQO8BHkLE +YMT2PCXGxS7EN1zk8xPhV7tSbCQJNSctMjTX5d39N3jf5ynuqDBDm+8t1VPvEcH DxG2uoMbOejYpG0c7mmdjyQ2U7Ay0bjbq0NwS6S9LV4SZHh8Y3WpkP3EGJFvGTkX p/oA23kxKaMUQU6WjNBtiH7DIDp1lwN5P6qwc/4pjr+5kib01hU+SMPa3dtGVjJs /mx8wGQVO4NW4RbUQqoN+YPR//yir95ruGi1i1YcLRUndjNuhn5gMtnpQvP4YxBC j6fw7MZF8/h9OPNyXuSvb01IY0WAygHM4nxLZeVp5comVbFeS4zNUa8a2y0dqKyi toPm4KQHJhIaDn4jLstKA2kNsB//vSCdjiwg8BdWc4SXGFJAOdPhbBBWDhAQF9is SZXAPY9ImmrlB+DbGvZtr/wpsbPf9ISyefkYIAtTeuS/3pSrdPPG5WIWjauvh9fU 8gvCBAMa4d3eyM04KqT9 =XY/W -----END PGP SIGNATURE-----
-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes