This bug was fixed in the package python-django - 1.2.5-1ubuntu1.2
---------------
python-django (1.2.5-1ubuntu1.2) natty-security; urgency=low
* SECURITY UPDATE: Cross-site scripting in authentication views
(LP: #1031733)
- debian/patches/16_fix_cross_site_scripting_in_authentication.diff:
fix unsafe redirects indjango/http/__init__.py, add test case to
tests/regressiontests/httpwrappers/tests.py. Patch backport taken
from Debian Squeeze and fixed for python 2.4 compatibility.
- CVE-2012-3442
* SECURITY UPDATE: Denial-of-service in image validation (LP: #1031733)
- debian/patches/17_fix_dos_in_image_validation.diff: call verify()
immediately after the constructor in django/forms/fields.py.
- CVE-2012-3443
* SECURITY UPDATE: Denial-of-service via get_image_dimensions()
(LP: #1031733)
- debian/patches/18_fix_dos_via_get_image_dimensions.diff: don't limit
chunk size in django/core/files/images.py.
- CVE-2012-3444
-- Marc Deslauriers <[email protected]> Thu, 06 Sep 2012 09:39:29
-0400
** Changed in: python-django (Ubuntu Oneiric)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1031733
Title:
Django security update 1.3.2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1031733/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
