Branches for Lucid

Name Status Last Modified Last Commit
lp:ubuntu/lucid-proposed/python-django bug 2 Mature 2010-10-15 15:12:11 UTC 2010-10-15
28. Take fix from http://code.djangoproje...

Author: James Westby
Revision Date: 2010-09-28 14:05:47 UTC

Take fix from http://code.djangoproject.com/ticket/10976 in order to fix
the django.contrib.auth tests when the project provides its own auth
templates. (LP: #650473)

lp:ubuntu/lucid-security/python-django bug 2 Mature 2014-09-10 13:07:32 UTC 2014-09-10
39. * SECURITY UPDATE: incorrect url vali...

Author: Marc Deslauriers
Revision Date: 2014-09-10 13:07:32 UTC

* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
  - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
    URLs pointing to other hosts in django/core/urlresolvers.py, added
    tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
  - CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
  - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
    django/core/files/storage.py, updated docs in
    docs/howto/custom-file-storage.txt, added tests to
    tests/modeltests/files/models.py,
    tests/regressiontests/file_storage/tests.py, backport
    get_random_string() to django/utils/crypto.py.
  - CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
  - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
    logout on REMOTE_USE change in django/contrib/auth/middleware.py,
    added test to django/contrib/auth/tests/remote_user.py.
  - CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
  - debian/patches/CVE-2014-0483.patch: validate to_field in
    django/contrib/admin/{options,exceptions}.py,
    django/contrib/admin/views/main.py, added tests to
    tests/regressiontests/admin_views/tests.py.
  - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - CVE-2014-0483
* debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.

lp:ubuntu/lucid-updates/python-django bug 2 Mature 2014-09-10 13:07:32 UTC 2014-09-10
39. * SECURITY UPDATE: incorrect url vali...

Author: Marc Deslauriers
Revision Date: 2014-09-10 13:07:32 UTC

* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
  - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
    URLs pointing to other hosts in django/core/urlresolvers.py, added
    tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
  - CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
  - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
    django/core/files/storage.py, updated docs in
    docs/howto/custom-file-storage.txt, added tests to
    tests/modeltests/files/models.py,
    tests/regressiontests/file_storage/tests.py, backport
    get_random_string() to django/utils/crypto.py.
  - CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
  - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
    logout on REMOTE_USE change in django/contrib/auth/middleware.py,
    added test to django/contrib/auth/tests/remote_user.py.
  - CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
  - debian/patches/CVE-2014-0483.patch: validate to_field in
    django/contrib/admin/{options,exceptions}.py,
    django/contrib/admin/views/main.py, added tests to
    tests/regressiontests/admin_views/tests.py.
  - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - CVE-2014-0483
* debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.

lp:~james-w/ubuntu/lucid/python-django/fix-contrib-auth 1 Development 2010-09-28 19:47:36 UTC 2010-09-28
28. Take fix from http://code.djangoproje...

Author: James Westby
Revision Date: 2010-09-28 18:08:49 UTC

Take fix from http://code.djangoproject.com/ticket/10976

Fixes the django.contrib.auth tests when the project provides its
own auth templates. (LP: #650473)

lp:~statik/ubuntu/lucid/python-django/fix-cookies-bug513719 bug(Has a merge proposal) 1 Development 2010-01-31 04:36:37 UTC 2010-01-31
28. Tagged patch 7 per debian patch taggi...

Author: Elliot Murphy
Revision Date: 2010-01-31 04:36:37 UTC

Tagged patch 7 per debian patch tagging guidelines.

lp:ubuntu/lucid/python-django 1 Development 2010-01-31 21:15:35 UTC 2010-01-31
27. Fix django test client cookie handling.

Author: James Westby
Revision Date: 2010-01-31 21:15:35 UTC

Fix django test client cookie handling.

lp:~zyga/ubuntu/lucid/python-django/backport-for-launch-control 1 Development 2011-03-16 18:32:22 UTC 2011-03-16
34. Add patch for django ticket 15622

Author: Zygmunt Krynicki
Revision Date: 2011-03-16 18:32:22 UTC

Add patch for django ticket 15622

17 of 7 results