lp:ubuntu/karmic-security/python-django
- Get this branch: bzr branch lp:ubuntu/karmic-security/python-django
Recent revisions
- 27. By Jamie Strandboge
* SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
- debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all
requests, regardless of apparent AJAX origin. This is technically
backwards-incompatible, but the security risks have been judged to
outweigh the compatibility concerns in this case. See the Django project
notes for more information:
http://www.djangoproject.com/weblog/2011/feb/08/security/
- CVE-2011-0696
* SECURITY UPDATE: potential XSS in file field rendering
- debian/patches/25_CVE-2011-0697.diff: properly escape URL in
django/contrib/admin/widgets.py
- CVE-2011-0697
- 26. By Jamie Strandboge
* SECURITY UPDATE: information leak in admin interface
- debian/patches/21_security_admin_infoleak.diff: validate querystring
lookup arguments either specify only fields on the model being viewed,
or cross relations which have been explicitly whitelisted.
- CVE-2010-4534
* SECURITY UPDATE:
- debian/patches/22_security_pasword_reset_dos.diff: adjust
base36_to_int() function in django.utils.http will now validate the
length of its input; on input longer than 13 digits (sufficient to
base36-encode any 64-bit integer), it will now raise ValueError.
Additionally, the default URL patterns for django.contrib.auth will now
enforce a maximum length on the relevant parameters.
- CVE-2010-4535
* add patch from Lucid to fix FTBFS in November by applying patch from
upstream bug #12125
- debian/patches/23_ftbfs_in_november.diff
- 25. By Krzysztof Klimonda
* Merge python-django 1.1.1-1 from debian unstable (LP: #447617)
for security and bug fixes, all Ubuntu changes merged by Debian.
* Add to debian/patches:
- 20_python2.6.3_regression.patch - backported upstream commit 11620
to make Django work with Python 2.6.3 properly. (LP: #445639)
- 24. By Krzysztof Klimonda
* debian/patches/20_disable_url_verify_regression_tests.diff
- Disable regression tests that require internet connection.
- 23. By lamby
* Run testsuite on build.
* Use "--with quilt" over specifying $(QUILT_STAMPFN)/unpatch dependencies.
* Override clean target correctly.
- 22. By lamby
* New upstream release.
* Merge from experimental:
- Ship FastCGI initscript and /etc/default file in python-django's examples
directory (Closes: #538863)
- Drop "05_10539-sphinx06-compatibility.diff"; it has been applied
upstream.
- Bump Standards-Version to 3.8.2.
- 21. By lamby
Fix compatibility with Python 2.6 and Python transitions in general.
Thanks to Krzysztof Klimonda <email address hidden>.
- 18. By lamby
[ Chris Lamb ]
* New upstream bugfix release. Closes: #505783
* Add myself to Uploaders with ACK from Brett.
[ David Spreen ]
* Remove python-pysqlite2 from Recommends because Python 2.5 includes
sqlite library used by Django. Closes: 497886
[ Sandro Tosi ]
* debian/control
- switch Vcs-Browser field to viewsvn
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/natty/python-django