lp:ubuntu/raring-security/python-django

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/raring-security/python-django

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

46. By Marc Deslauriers

* SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
  - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
    in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
    django/contrib/auth/tests/hashers.py.
  - CVE-2013-1443
* SECURITY UPDATE: directory traversal with ssi template tag
  - debian/patches/CVE-2013-4315.patch: properly check absolute path in
    django/template/defaulttags.py,
    tests/regressiontests/templates/tests.py.
  - CVE-2013-4315
* SECURITY UPDATE: possible XSS via is_safe_url
  - debian/patches/security-is_safe_url.patch: properly reject URLs which
    specify a scheme other than HTTP or HTTPS.
  - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
  - No CVE number
* debian/patches/fix-validation-tests.patch: fix regression in tests
  since example.com is now available via https.

45. By Raphaël Hertzog

* New upstream maintenance release dropping some undesired .pyc files
  and fixing a documentation link.
* High urgency due to former security updates.

44. By Raphaël Hertzog

* New upstream security and maintenance release. Closes: #696535
  https://www.djangoproject.com/weblog/2012/dec/10/security/
* Drop debian/patches/01_fix-self-tests.diff, merged upstream.

43. By Raphaël Hertzog

Don't fail self-tests if MANAGERS or ADMINS is defined in settings.py.
Add upstream patch debian/patches/01_fix-self-tests.diff.
Thanks to Jamie Strandboge <email address hidden> for the report.
Closes: #693752 LP: #1080204

42. By Jamie Strandboge

* Don't fail self-tests if MANAGERS or ADMINS is defined in settings.py
  - debian/patches/lp1080204.diff: Isolate poisoned_http_host tests from
    500. This can be dropped in 1.4.3.
  - https://code.djangoproject.com/ticket/19172
  - LP: #1080204

41. By Raphaël Hertzog

* New upstream security and maintenance release. Closes: #691145
  Fixes: CVE-2012-4520
* Drop 01_use_stdlib_htmlparser_when_possible.diff which has been
  merged upstream.

40. By Raphaël Hertzog

* New patch 01_use_stdlib_htmlparser_when_possible.diff to not override
  Python stdlib's HTMLParser with Python versions which are unaffected by
  http://bugs.python.org/issue670664 Closes: #683648
  Thanks to David Watson <email address hidden> for the patch.
* Update the above patch to use the version committed upstream (commit
  57d9ccc).

39. By Raphaël Hertzog

* New upstream security and maintenance release. Closes: #683364
  Fixes: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444
* Drop 01_disable_broken_test.diff and 04_hyphen-manpage.diff which
  have been merged upstream.

38. By Raphaël Hertzog

* New upstream release. Closes: #666003
* Fix watch file to correctly extract the version number from the URL.
* Updated Standards-Version to 3.9.3 (no change needed).
* Drop 01_disable_url_verify_regression_tests.diff since upstream test
  suite has been modified to work even without internet connection.
* Update 04_hyphen-manpage.diff to apply again.
* Drop 05_fix_djangodocs_sphinx_ext.diff which has been merged
  upstream.
* Update 06_use_debian_geoip_database_as_default.diff to apply on
  renamed file.
* Drop 07_fix_for_sphinx1.1.2.diff merged upstream.
* Drop 08_fix_test_week_view_allow_future.diff, merged upstream.
* Add 01_disable_broken_test.diff to disable a test that fails with
  the current python 2.7 version in Debian.

37. By Dave Walker

* Merge with Debian. Remaining changes:
  - 09_test_view_decorator_sleep.diff increases the sleep time to
    reduce race condition effects on build machines.
    https://code.djangoproject.com/ticket/16686 (LP: #829487)
* debian/patches/{psycopg2_creation.diff,compat-psycopg2-plus2.4.2.diff}:
  - New patches, resolve compatibility with psycopg2 > 2.4.1, patches
    based on upstream submissions, rebasing courtesy of Dave Pifke.
  - LP: #905837

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/trusty/python-django