Ubuntu
python-django package

Branches for Quantal

Name Status Last Modified Last Commit
lp:ubuntu/quantal/python-django 2 Mature 2012-08-21 08:42:10 UTC
40. * New patch 01_use_stdlib_htmlparser_...

Author: Raphaƫl Hertzog
Revision Date: 2012-08-21 08:42:10 UTC

* New patch 01_use_stdlib_htmlparser_when_possible.diff to not override
  Python stdlib's HTMLParser with Python versions which are unaffected by
  http://bugs.python.org/issue670664 Closes: #683648
  Thanks to David Watson <david@planetwatson.co.uk> for the patch.
* Update the above patch to use the version committed upstream (commit
  57d9ccc).
lp:ubuntu/quantal-security/python-django bug 2 Mature 2014-05-15 01:16:34 UTC
47. * SECURITY UPDATE: cache coherency pr...

Author: Seth Arnold
Revision Date: 2014-05-14 11:05:38 UTC

* SECURITY UPDATE: cache coherency problems in old Internet Explorer
  compatibility functions lead to loss of privacy and cache poisoning
  attacks. (LP: #1317663)
  - debian/patches/drop_fix_ie_for_vary_1_4.diff: remove fix_IE_for_vary()
    and fix_IE_for_attach() functions so Cache-Control and Vary headers are
    no longer modified. This may introduce some regressions for IE 6 and IE 7
    users. Patch from upstream.
  - CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
  some malformed URLs, which are accepted by some browsers. This allows a
  user to be redirected to an unsafe URL unexpectedly.
  - debian/patches/is_safe_url_1_4.diff: Forbid URLs starting with '///',
    forbid URLs without a host but with a path. Patch from upstream.
lp:ubuntu/quantal-updates/python-django 2 Mature 2014-05-14 11:05:38 UTC
47. * SECURITY UPDATE: cache coherency pr...

Author: Seth Arnold
Revision Date: 2014-05-14 11:05:38 UTC

* SECURITY UPDATE: cache coherency problems in old Internet Explorer
  compatibility functions lead to loss of privacy and cache poisoning
  attacks. (LP: #1317663)
  - debian/patches/drop_fix_ie_for_vary_1_4.diff: remove fix_IE_for_vary()
    and fix_IE_for_attach() functions so Cache-Control and Vary headers are
    no longer modified. This may introduce some regressions for IE 6 and IE 7
    users. Patch from upstream.
  - CVE-2014-1418
* SECURITY UPDATE: The validation for redirects did not correctly validate
  some malformed URLs, which are accepted by some browsers. This allows a
  user to be redirected to an unsafe URL unexpectedly.
  - debian/patches/is_safe_url_1_4.diff: Forbid URLs starting with '///',
    forbid URLs without a host but with a path. Patch from upstream.
13 of 3 results FirstPreviousNextLast