lp:ubuntu/raring-security/python-django
- Get this branch:
- bzr branch lp:ubuntu/raring-security/python-django
Recent revisions
- 46. By Marc Deslauriers
* SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
  - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
    in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
    django/contrib/auth/tests/hashers.py.
  - CVE-2013-1443
* SECURITY UPDATE: directory traversal with ssi template tag
  - debian/patches/CVE-2013-4315.patch: properly check absolute path in
    django/template/defaulttags.py,
    tests/regressiontests/templates/tests.py.
  - CVE-2013-4315
* SECURITY UPDATE: possible XSS via is_safe_url
  - debian/patches/security-is_safe_url.patch: properly reject URLs which
    specify a scheme other than HTTP or HTTPS.
  - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
  - No CVE number
* debian/patches/fix-validation-tests.patch: fix regression in tests
  since example.com is now available via https.
- 45. By Raphaël Hertzog
* New upstream maintenance release dropping some undesired .pyc files
  and fixing a documentation link.
* High urgency due to former security updates.
- 44. By Raphaël Hertzog
* New upstream security and maintenance release. Closes: #696535
  https://www.djangoproject.com/weblog/2012/dec/10/security/
* Drop debian/patches/01_fix-self-tests.diff, merged upstream.
- 43. By Raphaël Hertzog
Don't fail self-tests if MANAGERS or ADMINS is defined in settings.py.
Add upstream patch debian/patches/01_fix-self-tests.diff.
Thanks to Jamie Strandboge <email address hidden> for the report.
Closes: #693752 LP: #1080204
- 42. By Jamie Strandboge
* Don't fail self-tests if MANAGERS or ADMINS is defined in settings.py
  - debian/patches/lp1080204.diff: Isolate poisoned_http_host tests from
    500. This can be dropped in 1.4.3.
  - https://code.djangoproject.com/ticket/19172
  - LP: #1080204
- 41. By Raphaël Hertzog
* New upstream security and maintenance release. Closes: #691145
  Fixes: CVE-2012-4520
* Drop 01_use_stdlib_htmlparser_when_possible.diff which has been
  merged upstream.
- 40. By Raphaël Hertzog
* New patch 01_use_stdlib_htmlparser_when_possible.diff to not override
  Python stdlib's HTMLParser with Python versions which are unaffected by
  http://bugs.python.org/issue670664 Closes: #683648
  Thanks to David Watson <email address hidden> for the patch.
* Update the above patch to use the version committed upstream (commit
  57d9ccc).
- 39. By Raphaël Hertzog
* New upstream security and maintenance release. Closes: #683364
  Fixes: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444
* Drop 01_disable_broken_test.diff and 04_hyphen-manpage.diff which
  have been merged upstream.
- 38. By Raphaël Hertzog
* New upstream release. Closes: #666003
* Fix watch file to correctly extract the version number from the URL.
* Updated Standards-Version to 3.9.3 (no change needed).
* Drop 01_disable_url_verify_regression_tests.diff since upstream test
  suite has been modified to work even without internet connection.
* Update 04_hyphen-manpage.diff to apply again.
* Drop 05_fix_djangodocs_sphinx_ext.diff which has been merged
  upstream.
* Update 06_use_debian_geoip_database_as_default.diff to apply on
  renamed file.
* Drop 07_fix_for_sphinx1.1.2.diff merged upstream.
* Drop 08_fix_test_week_view_allow_future.diff, merged upstream.
* Add 01_disable_broken_test.diff to disable a test that fails with
  the current python 2.7 version in Debian.
- 37. By Dave Walker
* Merge with Debian. Remaining changes:
  - 09_test_view_decorator_sleep.diff increases the sleep time to
    reduce race condition effects on build machines.
    https://code.djangoproject.com/ticket/16686 (LP: #829487)
* debian/patches/{psycopg2_creation.diff,compat-psycopg2-plus2.4.2.diff}:
  - New patches, resolve compatibility with psycopg2 > 2.4.1, patches
    based on upstream submissions, rebasing courtesy of Dave Pifke.
  - LP: #905837
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/trusty/python-django