lp:ubuntu/karmic-security/python-django

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/karmic-security/python-django
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

27. By Jamie Strandboge

* SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
  - debian/patches/24_CVE-2011-0696.diff: apply full CSRF validation to all
    requests, regardless of apparent AJAX origin. This is technically
    backwards-incompatible, but the security risks have been judged to
    outweigh the compatibility concerns in this case. See the Django project
    notes for more information:
    http://www.djangoproject.com/weblog/2011/feb/08/security/
  - CVE-2011-0696
* SECURITY UPDATE: potential XSS in file field rendering
  - debian/patches/25_CVE-2011-0697.diff: properly escape URL in
    django/contrib/admin/widgets.py
  - CVE-2011-0697
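The CSRF entry above describes the shape of the change rather than the code. The following is an added, simplified model of the two checks (it is not Django's middleware and not part of the package): the pre-fix path trusts an `X-Requested-With: XMLHttpRequest` header as proof that the request came from same-origin JavaScript and skips token validation, while the post-fix path validates the token on every state-changing request. The request objects, the `csrftoken` cookie name, the `csrfmiddlewaretoken` field name and the sample token are constructed for this example. The forged request is a cross-site POST that carries the header but no form token; the advisory linked above explains why the header alone cannot be trusted.

```python
import hmac

# Constructed sample token; a real deployment issues one per session.
CSRF_TOKEN = "c0ffee1234567890c0ffee1234567890"

SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")


def make_request(method, headers=None, cookies=None, post=None):
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    return {
        "method": method,
        "headers": headers or {},
        "cookies": cookies or {},
        "post": post or {},
    }


def _has_valid_token(request):
    """Compare the cookie token with the posted token in constant time."""
    cookie_token = request["cookies"].get("csrftoken", "")
    posted_token = request["post"].get("csrfmiddlewaretoken", "")
    if not cookie_token or not posted_token:
        return False
    return hmac.compare_digest(cookie_token.encode(), posted_token.encode())


def csrf_check_exempting_ajax(request):
    """Pre-fix logic: a client-controlled header bypasses the token check."""
    if request["method"] in SAFE_METHODS:
        return True
    if request["headers"].get("X-Requested-With") == "XMLHttpRequest":
        return True  # the flaw: the header is not proof of same origin
    return _has_valid_token(request)


def csrf_check_full(request):
    """Post-fix logic: every unsafe request needs a matching token."""
    if request["method"] in SAFE_METHODS:
        return True
    return _has_valid_token(request)


# Constructed requests. The browser attaches the csrftoken cookie to a
# cross-site POST as well, so the forged request has the cookie but not the
# form field; only the header distinguishes it from a plain cross-site POST.
LEGIT_FORM_POST = make_request(
    "POST",
    cookies={"csrftoken": CSRF_TOKEN},
    post={"csrfmiddlewaretoken": CSRF_TOKEN},
)
FORGED_AJAX_POST = make_request(
    "POST",
    headers={"X-Requested-With": "XMLHttpRequest"},
    cookies={"csrftoken": CSRF_TOKEN},
)
SAFE_GET = make_request("GET", cookies={"csrftoken": CSRF_TOKEN})

if __name__ == "__main__":
    for name, req in (("legit form", LEGIT_FORM_POST), ("forged ajax", FORGED_AJAX_POST)):
        print(name, "pre-fix:", csrf_check_exempting_ajax(req),
              "post-fix:", csrf_check_full(req))
```

Running the block shows the forged request passing the pre-fix check and failing the post-fix one, while the legitimate form post passes both. The compatibility cost mentioned in the entry is visible in the model too: same-origin AJAX callers that relied on the header now have to send the token themselves.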

26. By Jamie Strandboge

* SECURITY UPDATE: information leak in admin interface
  - debian/patches/21_security_admin_infoleak.diff: validate querystring
    lookup arguments either specify only fields on the model being viewed,
    or cross relations which have been explicitly whitelisted.
  - CVE-2010-4534
* SECURITY UPDATE:
  - debian/patches/22_security_pasword_reset_dos.diff: adjust the
    base36_to_int() function in django.utils.http to validate the length of
    its input; on input longer than 13 digits (sufficient to base36-encode
    any 64-bit integer), it will now raise ValueError. Additionally, the
    default URL patterns for django.contrib.auth will now enforce a maximum
    length on the relevant parameters.
  - CVE-2010-4535
* add patch from Lucid to fix FTBFS in November by applying patch from
  upstream bug #12125
  - debian/patches/23_ftbfs_in_november.diff
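The password-reset entry above states the fix in prose: a 13-digit cap on base-36 input and a length limit in the URL pattern. The following is an added example, not code from the package, that implements both. `unsafe_base36_to_int()` shows the pre-fix shape (the conversion runs on whatever length the URL delivers), `base36_to_int()` the post-fix shape. The regular expression is an assumed pattern of the kind the entry describes, not copied from the patch; the group lengths for the token are assumptions.

```python
import re

BASE36_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"
# 36**12 < 2**64 < 36**13, so 13 base-36 digits cover every 64-bit value.
MAX_BASE36_LEN = 13


def int_to_base36(n):
    """Encode a non-negative integer as a lowercase base-36 string."""
    if n < 0:
        raise ValueError("negative values are not supported")
    if n == 0:
        return "0"
    digits = []
    while n:
        n, rem = divmod(n, 36)
        digits.append(BASE36_ALPHABET[rem])
    return "".join(reversed(digits))


def unsafe_base36_to_int(s):
    """Pre-fix shape: no bound on the input, so a very long string forces
    an arbitrarily large integer conversion before anything else runs."""
    return int(s, 36)


def base36_to_int(s):
    """Post-fix shape: reject over-long or malformed input before int()."""
    if len(s) > MAX_BASE36_LEN:
        raise ValueError("Base36 input too large")
    if not s or any(c not in BASE36_ALPHABET for c in s.lower()):
        raise ValueError("invalid base36 digit")
    return int(s, 36)


def accepts(s):
    """True if base36_to_int accepts s, False if it raises ValueError."""
    try:
        base36_to_int(s)
    except ValueError:
        return False
    return True


# Assumed URL pattern (not taken from the package): uidb36 is capped at 13
# characters and the token groups at fixed lengths, so an oversized value is
# rejected by URL resolution and never reaches base36_to_int().
RESET_CONFIRM_RE = re.compile(
    r"^reset/(?P<uidb36>[0-9A-Za-z]{1,13})-"
    r"(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$"
)


def match_reset_url(path):
    """Return the captured groups for a reset-confirm path, or None."""
    m = RESET_CONFIRM_RE.match(path)
    return m.groupdict() if m else None


if __name__ == "__main__":
    uid = int_to_base36(2**64 - 1)
    print(uid, len(uid), base36_to_int(uid) == 2**64 - 1)
    print("13 digits accepted:", accepts("z" * 13), "14 digits accepted:", accepts("z" * 14))
    print(match_reset_url("reset/%s-3g1-abcdef0123456789abcd/" % uid))
    print(match_reset_url("reset/%s-3g1-abcdef0123456789abcd/" % ("1" * 14)))
```

The two layers are deliberately redundant: the URL pattern stops oversized values at routing time, and the length check in `base36_to_int()` protects any other caller that passes user input to it directly.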

25. By Krzysztof Klimonda

* Merge python-django 1.1.1-1 from debian unstable (LP: #447617)
  for security and bug fixes, all Ubuntu changes merged by Debian.
* Add to debian/patches:
  - 20_python2.6.3_regression.patch - backported upstream commit 11620
    to make Django work with Python 2.6.3 properly. (LP: #445639)

24. By Krzysztof Klimonda

* debian/patches/20_disable_url_verify_regression_tests.diff
  - Disable regression tests that require internet connection.

23. By lamby

* Run testsuite on build.
* Use "--with quilt" over specifying $(QUILT_STAMPFN)/unpatch dependencies.
* Override clean target correctly.

22. By lamby

* New upstream release.
* Merge from experimental:
  - Ship FastCGI initscript and /etc/default file in python-django's examples
    directory (Closes: #538863)
  - Drop "05_10539-sphinx06-compatibility.diff"; it has been applied
    upstream.
  - Bump Standards-Version to 3.8.2.

21. By lamby

Fix compatibility with Python 2.6 and Python transitions in general.
Thanks to Krzysztof Klimonda <email address hidden>.

20. By Michael Bienia

Python 2.6 transition.

19. By lamby

Fix issue where newly created projects do not have their manage.py file
executable.

18. By lamby

[ Chris Lamb ]
* New upstream bugfix release. Closes: #505783
* Add myself to Uploaders with ACK from Brett.

[ David Spreen ]
* Remove python-pysqlite2 from Recommends because Python 2.5 includes
  sqlite library used by Django. Closes: 497886

[ Sandro Tosi ]
* debian/control
  - switch Vcs-Browser field to viewsvn

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/python-django