lp:ubuntu/natty/python-django
- Get this branch:
- bzr branch lp:ubuntu/natty/python-django
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 32. By Jamie Strandboge
-
* Merge from Debian for security fixes (LP: #719031). Remaining changes:
- debian/control: don't Build-Depends on locales-all, which doesn't exist
in natty
* Drop the following patches, now included upstream:
- debian/patches/ 07_security_ admin_infoleak. diff
- debian/patches/ 08_security_ pasword_ reset_dos. diff - 31. By Jamie Strandboge
-
* SECURITY UPDATE: information leak in admin interface
- debian/patches/ 07_security_ admin_infoleak. diff: validate querystring
lookup arguments either specify only fields on the model being viewed,
or cross relations which have been explicitly whitelisted.
- CVE-2010-XXXX
* SECURITY UPDATE:
- debian/patches/ 08_security_ pasword_ reset_dos. diff: adjust
base36_to_int() function in django.utils.http will now validate the
length of its input; on input longer than 13 digits (sufficient to
base36-encode any 64-bit integer), it will now raise ValueError.
Additionally, the default URL patterns for django.contrib.auth will now
enforce a maximum length on the relevant parameters.
- CVE-2010-XXXX - 30. By Jamie Strandboge
-
* SECURITY UPDATE: XSS in CSRF protections. New upstream release
- CVE-2010-3082
* debian/patches/ 01_disable_ url_verify_ regression_ tests.diff:
- updated to disable another test that fails without internet connection
- patch based on work by Kai Kasurinen and Krzysztof Klimonda
* debian/control: don't Build-Depends on locales-all, which doesn't exist
in maverick - 26. By lamby
-
* Remove embedded "decimal" code copy and use system version instead. The
"doctest" code copy cannot be removed as parts of Django depend on modified
behaviour. (Closes: #555419)
* Fix FTBFS in November by applying patch from upstream bug #12125.
(Closes: #555931)
* Fix FTBFS under Python 2.6.3 by applying patch from upstream bug #11993.
(Closes: #555969) - 25. By Krzysztof Klimonda
-
* Merge python-django 1.1.1-1 from debian unstable (LP: #447617)
for security and bug fixes, all Ubuntu changes merged by Debian.
* Add to debian/patches:
- 20_python2.6.3_regression. patch - backported upstream commit 11620
to make Django work with Python 2.6.3 properly. (LP: #445639) - 24. By Krzysztof Klimonda
-
* debian/
patches/ 20_disable_ url_verify_ regression_ tests.diff
- Disable regression tests that require internet connection.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/oneiric/python-django