Change log for python-django package in Ubuntu

Obsolete in cosmic-updates
Obsolete in cosmic-security
python-django (1:1.11.15-1ubuntu1.3) cosmic-security; urgency=medium

  * SECURITY UPDATE: Incorrect HTTP detection with reverse-proxy
    connecting via HTTPS
    - debian/patches/CVE-2019-12781.patch: made HttpRequest always
      trust SECURE_PROXY_SSL_HEADER if set in django/http/request.py,
      docs/ref/settings.txt and added tests to tests/settings_test/tests.py.
    - CVE-2019-12781
  * SECURITY UPDATE: XSS in Django admin via AdminURLFieldWidget
    - debian/patches/CVE-2019-12308.patch: made AdminURLFieldWidget
      validate URL before rendering clickable link in
      django/contrib/admin/templates/admin/widgets/url.html,
      django/contrib/admin/widgets.py, add test to test/admin_widgets/tests.py.
    - CVE-2019-12308

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 24 Jun 2019 13:28:11 -0300
Superseded in bionic-updates
Superseded in bionic-security
python-django (1:1.11.11-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Incorrect HTTP detection with reverse-proxy
    connecting via HTTPS
    - debian/patches/CVE-2019-12781.patch: made HttpRequest always
      trust SECURE_PROXY_SSL_HEADER if set in django/http/request.py,
      docs/ref/settings.txt and added tests to tests/settings_test/tests.py.
    - CVE-2019-12781
  * SECURITY UPDATE: XSS in Django admin via AdminURLFieldWidget
    - debian/patches/CVE-2019-12308.patch: made AdminURLFieldWidget
      validate URL before rendering clickable link in
      django/contrib/admin/templates/admin/widgets/url.html,
      django/contrib/admin/widgets.py, add test to test/admin_widgets/tests.py.
    - CVE-2019-12308

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 24 Jun 2019 11:50:51 -0300
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
python-django (1:1.11.21-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2019-12308: XSS in Django admin via AdminURLFieldWidget
      (Closes: #929927)

 -- Luke W Faraone <email address hidden>  Wed, 05 Jun 2019 00:07:07 +0000

Superseded in xenial-updates
Superseded in xenial-security
python-django (1.8.7-1ubuntu5.8) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via memory exhaustion
    - debian/patches/CVE-2019-6975.patch: limit digits in
      django/utils/numberformat.py, added tests to
      tests/utils_tests/test_numberformat.py.
    - CVE-2019-6975

 -- Marc Deslauriers <email address hidden>  Tue, 12 Feb 2019 08:55:08 -0500
Superseded in bionic-updates
Superseded in bionic-security
python-django (1:1.11.11-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via memory exhaustion
    - debian/patches/CVE-2019-6975.patch: limit digits in
      django/utils/numberformat.py, added tests to
      tests/utils_tests/test_numberformat.py.
    - CVE-2019-6975

 -- Marc Deslauriers <email address hidden>  Tue, 12 Feb 2019 08:53:30 -0500
Superseded in cosmic-updates
Superseded in cosmic-security
python-django (1:1.11.15-1ubuntu1.2) cosmic-security; urgency=medium

  * SECURITY UPDATE: DoS via memory exhaustion
    - debian/patches/CVE-2019-6975.patch: limit digits in
      django/utils/numberformat.py, added tests to
      tests/utils_tests/test_numberformat.py.
    - CVE-2019-6975

 -- Marc Deslauriers <email address hidden>  Tue, 12 Feb 2019 07:54:23 -0500
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
python-django (1:1.11.20-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2019-6975: Fix memory exhaustion in utils.numberformat.format().
      (Closes: #922027)

 -- Chris Lamb <email address hidden>  Mon, 11 Feb 2019 19:08:53 +0100
Superseded in xenial-updates
Superseded in xenial-security
python-django (1.8.7-1ubuntu5.7) xenial-security; urgency=medium

  * SECURITY UPDATE: content spoofing in the default 404 page
    - debian/patches/CVE-2019-3498.patch: properly quote string in
      django/views/defaults.py, add test to tests/handlers/tests.py.
    - CVE-2019-3498

 -- Marc Deslauriers <email address hidden>  Tue, 08 Jan 2019 13:45:35 -0500
Superseded in bionic-updates
Superseded in bionic-security
python-django (1:1.11.11-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: content spoofing in the default 404 page
    - debian/patches/CVE-2019-3498.patch: properly quote string in
      django/views/defaults.py, add test to tests/handlers/tests.py.
    - CVE-2019-3498

 -- Marc Deslauriers <email address hidden>  Tue, 08 Jan 2019 13:41:48 -0500
Published in trusty-updates
Published in trusty-security
python-django (1.6.11-0ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: content spoofing in the default 404 page
    - debian/patches/CVE-2019-3498.patch: properly quote string in
      django/views/defaults.py.
    - CVE-2019-3498

 -- Marc Deslauriers <email address hidden>  Tue, 08 Jan 2019 14:00:29 -0500
Superseded in cosmic-updates
Superseded in cosmic-security
python-django (1:1.11.15-1ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: content spoofing in the default 404 page
    - debian/patches/CVE-2019-3498.patch: properly quote string in
      django/views/defaults.py, add test to tests/handlers/tests.py.
    - CVE-2019-3498

 -- Marc Deslauriers <email address hidden>  Tue, 08 Jan 2019 13:37:05 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
python-django (1:1.11.18-1ubuntu2) disco; urgency=medium

  * Drop Ubuntu delta introduced in 1.7.9-1ubuntu3.
    - both pymysql and mysqldb are now in main, but the switch seems to
      be causing a lot of trouble with the upstream testsuite
      https://github.com/django/django/pull/10824

 -- Gianfranco Costamagna <email address hidden>  Mon, 07 Jan 2019 11:21:03 +0100
Superseded in disco-proposed
python-django (1:1.11.18-1ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
python-django (1:1.11.17-2ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in disco-proposed
python-django (1:1.11.17-2) unstable; urgency=medium

  * Backport patch from upstream to fix compatibility with SQLite 3.26.
    (Closes: #915626)

 -- Chris Lamb <email address hidden>  Fri, 07 Dec 2018 14:14:22 +0100
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
python-django (1:1.11.17-1ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in disco-proposed
python-django (1:1.11.17-1) unstable; urgency=medium

  * New upstream bugfix release.
    - https://docs.djangoproject.com/en/stable/releases/1.11.17/
  * Drop patches that have been applied upstream:
    - 0005-Fix-SyntaxError-Generator-expression-must-be-parenth.patch,
    - 0007-Refs-28814-Fixed-migrations-crash-with-namespace-pac.patch
    - 0008-Refs-28814-Fixed-test_runner-failure-on-Python-3.7.patch

 -- Chris Lamb <email address hidden>  Mon, 03 Dec 2018 22:34:53 +0100
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
python-django (1:1.11.16-4ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.
    - Ignore test results, seems they have been broken for a long time, see
      Debian bug: #891753

Superseded in disco-proposed
python-django (1:1.11.16-3ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.
    - Ignore test results, seems they have been broken for a long time, see
      Debian bug: #891753

Superseded in disco-proposed
python-django (1:1.11.16-3) unstable; urgency=medium

  * Default to supporting Spatialite >= 4.2. (Closes: #910240)
  * debian/control:
    - Update libgdal's SONAME in Suggests.
    - Add libsqlite3-mod-spatialite to Suggests.

 -- Chris Lamb <email address hidden>  Thu, 04 Oct 2018 10:38:34 +0100
Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
python-django (1:1.11.15-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.
    - Ignore test results, seems they have been broken for a long time, see
      Debian bug: #891753

Superseded in cosmic-proposed
python-django (1:1.11.15-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2018-14574: Open redirect possibility in CommonMiddleware.
      (Closes: #905216)

 -- Chris Lamb <email address hidden>  Wed, 01 Aug 2018 23:06:03 +0800
Superseded in bionic-updates
Superseded in bionic-security
python-django (1:1.11.11-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: open redirect possibility in CommonMiddleware
    - debian/patches/CVE-2018-14574.patch: escape leading slashes in
      django/middleware/common.py, django/urls/resolvers.py,
      django/utils/http.py, tests/middleware/tests.py,
      tests/middleware/urls.py, tests/utils_tests/test_http.py.
    - CVE-2018-14574

 -- Marc Deslauriers <email address hidden>  Thu, 26 Jul 2018 08:18:03 -0400
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
python-django (1:1.11.14-1ubuntu2) cosmic; urgency=medium

  * Ignore test results, seems they have been broken for a long time, see
    Debian bug: #891753

 -- Gianfranco Costamagna <email address hidden>  Tue, 03 Jul 2018 12:04:18 +0200
Superseded in cosmic-proposed
python-django (1:1.11.14-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in cosmic-proposed
python-django (1:1.11.13-2ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
python-django (1:1.11.13-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
python-django (1:1.11.11-1ubuntu1) bionic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in xenial-updates
Superseded in xenial-security
python-django (1.8.7-1ubuntu5.6) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in urlize and urlizetrunc template filters
    - debian/patches/CVE-2018-7536.patch: fix backtracking in
      django/utils/html.py, add test to tests/utils_tests/test_html.py.
    - CVE-2018-7536
  * SECURITY UPDATE: DoS in truncatechars_html and truncatewords_html
    template filters
    - debian/patches/CVE-2018-7537.patch: fix backtracking in
      django/utils/text.py, add test to tests/utils_tests/test_text.py.
    - CVE-2018-7537

 -- Marc Deslauriers <email address hidden>  Mon, 05 Mar 2018 15:32:46 +0100
Superseded in trusty-updates
Superseded in trusty-security
python-django (1.6.11-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS in urlize and urlizetrunc template filters
    - debian/patches/CVE-2018-7536.patch: fix backtracking in
      django/utils/html.py, add test to tests/utils_tests/test_html.py.
    - CVE-2018-7536
  * SECURITY UPDATE: DoS in truncatechars_html and truncatewords_html
    template filters
    - debian/patches/CVE-2018-7537.patch: fix backtracking in
      django/utils/text.py, add test to tests/utils_tests/test_text.py.
    - CVE-2018-7537

 -- Marc Deslauriers <email address hidden>  Mon, 05 Mar 2018 15:52:37 +0100
Obsolete in artful-updates
Obsolete in artful-security
python-django (1:1.11.4-1ubuntu1.2) artful-security; urgency=medium

  * SECURITY UPDATE: DoS in urlize and urlizetrunc template filters
    - debian/patches/CVE-2018-7536.patch: fix backtracking in
      django/utils/html.py, add test to tests/utils_tests/test_html.py.
    - CVE-2018-7536
  * SECURITY UPDATE: DoS in truncatechars_html and truncatewords_html
    template filters
    - debian/patches/CVE-2018-7537.patch: fix backtracking in
      django/utils/text.py, add test to tests/utils_tests/test_text.py.
    - CVE-2018-7537

 -- Marc Deslauriers <email address hidden>  Mon, 05 Mar 2018 14:32:00 +0100
Superseded in bionic-proposed
python-django (1:1.11.10-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in artful-updates
Superseded in artful-security
python-django (1:1.11.4-1ubuntu1.1) artful-security; urgency=medium

  * SECURITY UPDATE: cross-site scripting attack
    - debian/patches/CVE-2017-12794.patch: Fixed XSS possibility in
      traceback section of technical 500 debug page in django/views/debug.py,
      tests/view_tests/tests/py3_test_debug.py.
    - CVE-2017-12794
  * SECURITY UPDATE: AuthenticationForm issue allowed obtaining potentially
    sensitive information
    - debian/patches/CVE-2018-6188.patch: this backport added just a test that
      was missing, major part of the code original patch and the package were
      already applied in the package. Test added in test/auth_tests/test_forms.py.
    - CVE-2018-6188

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 06 Feb 2018 10:18:21 -0300
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
python-django (1:1.11.9-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
python-django (1:1.11.6-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
python-django (1:1.11.4-1ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
python-django (1:1.11.3-1ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.
  * All other changes dropped, as they were backports of upstream fixes.

Superseded in artful-proposed
python-django (1:1.11.2-2ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.
  * All other changes dropped, as they were backports of upstream fixes.

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
python-django (1:1.10.7-2ubuntu2) artful; urgency=medium

  * d/p/0001-Refs-27025-Fixed-tests-for-the-new-ModuleNotFoundErr.patch,
    d/p/0001-Refs-27025-Fixed-a-test-for-the-new-re.RegexFlag-in-.patch,
    d/p/0001-Refs-27025-Fixed-a-timezone-test-for-Python-3.6.patch,
    d/p/0001-Refs-27025-Fixed-a-servers-test-on-Python-3.6.patch:
    fix tests for compatibility with python 3.6.

 -- Steve Langasek <email address hidden>  Sat, 17 Jun 2017 23:33:25 -0700
Superseded in artful-proposed
python-django (1:1.10.7-2ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.
  * All other changes dropped, as they were backports of upstream fixes.

Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu11) zesty; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/utils_tests/test_http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234

 -- Marc Deslauriers <email address hidden>  Mon, 03 Apr 2017 10:32:55 -0400
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu10) zesty; urgency=medium

  * debian/patches/fix_ftbfs.patch: remove deprecated html_translator_class
    sphinx config option in docs/_ext/djangodocs.py, docs/conf.py.

 -- Marc Deslauriers <email address hidden>  Wed, 29 Mar 2017 19:01:14 -0400
Published in precise-updates
Published in precise-security
python-django (1.3.1-4ubuntu1.23) precise-security; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/regressiontests/utils/http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234

 -- Marc Deslauriers <email address hidden>  Wed, 29 Mar 2017 07:49:05 -0400
Superseded in xenial-updates
Superseded in xenial-security
python-django (1.8.7-1ubuntu5.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/utils_tests/test_http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234

 -- Marc Deslauriers <email address hidden>  Wed, 29 Mar 2017 07:34:09 -0400
Superseded in trusty-updates
Superseded in trusty-security
python-django (1.6.11-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/utils_tests/test_http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234

 -- Marc Deslauriers <email address hidden>  Wed, 29 Mar 2017 07:38:12 -0400
Obsolete in yakkety-updates
Obsolete in yakkety-security
python-django (1.8.7-1ubuntu8.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/utils_tests/test_http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234

 -- Marc Deslauriers <email address hidden>  Wed, 29 Mar 2017 07:32:39 -0400
Superseded in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates)
python-django (1.6.11-0ubuntu1) trusty; urgency=medium

  * Update to final upstream 1.6 microrelease (LP: #1644346)
  * Drop patches included upstream:
    - debian/patches/07_translation_encoding_fix.diff, ticket21869.diff,
      CVE-2014-0472.patch, CVE-2014-0473.patch, CVE-2014-0474.patch,
      CVE-2014-0472-regression.patch, drop_fix_ie_for_vary_1_6.diff,
      is_safe_url_1_6.diff, CVE-2014-0480.patch, CVE-2014-0481.patch,
      CVE-2014-0482.patch, CVE-2014-0483.patch, CVE-2014-0483-bug23329.patch,
      CVE-2014-0483-bug23431.patch, CVE-2015-0219.patch, CVE-2015-0220.patch,
      CVE-2015-0221.patch, CVE-2015-0222.patch, CVE-2015-2316.patch, and
      CVE-2015-2317.patch

 -- Scott Kitterman <email address hidden>  Wed, 23 Nov 2016 14:41:31 -0500
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu9) zesty; urgency=medium

  * SECURITY UPDATE: user with hardcoded password created when running
    tests on Oracle
    - debian/patches/CVE-2016-9013.patch: remove hardcoded password in
      django/db/backends/oracle/creation.py, added note to
      docs/ref/settings.txt.
    - CVE-2016-9013
  * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True
    - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in
      django/http/request.py, updated docs/ref/settings.txt, added test to
      tests/requests/tests.py.
    - CVE-2016-9014

 -- Marc Deslauriers <email address hidden>  Tue, 01 Nov 2016 14:46:03 -0400

Superseded in trusty-updates
Superseded in trusty-security
python-django (1.6.1-2ubuntu0.16) trusty-security; urgency=medium

  * SECURITY UPDATE: user with hardcoded password created when running
    tests on Oracle
    - debian/patches/CVE-2016-9013.patch: remove hardcoded password in
      django/db/backends/oracle/creation.py, added note to
      docs/ref/settings.txt.
    - CVE-2016-9013
  * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True
    - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in
      django/http/request.py, updated docs/ref/settings.txt, added test to
      tests/requests/tests.py.
    - CVE-2016-9014

 -- Marc Deslauriers <email address hidden>  Mon, 31 Oct 2016 10:14:20 -0400
Superseded in precise-updates
Superseded in precise-security
python-django (1.3.1-4ubuntu1.22) precise-security; urgency=medium

  * SECURITY UPDATE: user with hardcoded password created when running
    tests on Oracle
    - debian/patches/CVE-2016-9013.patch: remove hardcoded password in
      django/db/backends/oracle/creation.py, added note to
      docs/ref/settings.txt.
    - CVE-2016-9013
  * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True
    - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in
      django/http/__init__.py, updated docs/ref/settings.txt, added test to
      tests/regressiontests/requests/tests.py.
    - CVE-2016-9014

 -- Marc Deslauriers <email address hidden>  Mon, 31 Oct 2016 10:31:12 -0400
Superseded in xenial-updates
Superseded in xenial-security
python-django (1.8.7-1ubuntu5.4) xenial-security; urgency=medium

  * SECURITY UPDATE: user with hardcoded password created when running
    tests on Oracle
    - debian/patches/CVE-2016-9013.patch: remove hardcoded password in
      django/db/backends/oracle/creation.py, added note to
      docs/ref/settings.txt.
    - CVE-2016-9013
  * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True
    - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in
      django/http/request.py, updated docs/ref/settings.txt, added test to
      tests/requests/tests.py.
    - CVE-2016-9014
  * This update does _not_ contain the changes from 1.8.7-1ubuntu5.3 in
    xenial-proposed.

 -- Marc Deslauriers <email address hidden>  Mon, 31 Oct 2016 09:57:03 -0400
Superseded in yakkety-updates
Superseded in yakkety-security
python-django (1.8.7-1ubuntu8.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: user with hardcoded password created when running
    tests on Oracle
    - debian/patches/CVE-2016-9013.patch: remove hardcoded password in
      django/db/backends/oracle/creation.py, added note to
      docs/ref/settings.txt.
    - CVE-2016-9013
  * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True
    - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in
      django/http/request.py, updated docs/ref/settings.txt, added test to
      tests/requests/tests.py.
    - CVE-2016-9014

 -- Marc Deslauriers <email address hidden>  Mon, 31 Oct 2016 09:22:27 -0400
Deleted in xenial-proposed (Reason: moved to -updates)
python-django (1.8.7-1ubuntu5.3) xenial; urgency=medium

  * Backport upstream fix for ipv6-formatted ipv4 addresses (LP: #1611923)

 -- Jon Grimm <email address hidden>  Wed, 28 Sep 2016 14:27:53 -0500
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu8) yakkety; urgency=medium

  * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics
    - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in
      django/http/cookie.py, add tests to tests/httpwrappers/tests.py,
      tests/requests/tests.py.
    - CVE-2016-7401

 -- Marc Deslauriers <email address hidden>  Tue, 27 Sep 2016 10:10:04 -0400

Superseded in precise-updates
Superseded in precise-security
python-django (1.3.1-4ubuntu1.21) precise-security; urgency=medium

  * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics
    - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in
      django/http/__init__.py, add tests to
      tests/regressiontests/httpwrappers/tests.py,
      tests/regressiontests/requests/tests.py.
    - CVE-2016-7401

 -- Marc Deslauriers <email address hidden>  Mon, 26 Sep 2016 07:45:02 -0400
Superseded in trusty-updates
Superseded in trusty-security
python-django (1.6.1-2ubuntu0.15) trusty-security; urgency=medium

  * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics
    - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in
      django/http/cookie.py, add tests to tests/httpwrappers/tests.py,
      tests/requests/tests.py.
    - CVE-2016-7401

 -- Marc Deslauriers <email address hidden>  Mon, 26 Sep 2016 07:36:53 -0400

Superseded in xenial-updates
Superseded in xenial-security
python-django (1.8.7-1ubuntu5.2) xenial-security; urgency=medium

  * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics
    - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in
      django/http/cookie.py, add tests to tests/httpwrappers/tests.py,
      tests/requests/tests.py.
    - CVE-2016-7401

 -- Marc Deslauriers <email address hidden>  Mon, 26 Sep 2016 07:29:01 -0400

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu7) yakkety; urgency=medium

  * Backport upstream fix for ipv6-formatted ipv4 addresses (LP: #1611923)

 -- Jon Grimm <email address hidden>  Thu, 15 Sep 2016 23:14:29 -0500

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu6) yakkety; urgency=medium

  * SECURITY UPDATE: XSS in admin's add/change related popup
    - debian/patches/CVE-2016-6186.patch: change to text in
      django/contrib/admin/static/admin/js/admin/RelatedObjectLookups.js,
      django/views/debug.py, added to tests in tests/admin_views/admin.py,
      tests/admin_views/models.py, tests/admin_views/tests.py.
    - CVE-2016-6186

 -- Marc Deslauriers <email address hidden>  Tue, 19 Jul 2016 07:56:43 -0400

Superseded in xenial-updates
Superseded in xenial-security
python-django (1.8.7-1ubuntu5.1) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS in admin's add/change related popup
    - debian/patches/CVE-2016-6186.patch: change to text in
      django/contrib/admin/static/admin/js/admin/RelatedObjectLookups.js,
      django/views/debug.py, added to tests in tests/admin_views/admin.py,
      tests/admin_views/models.py, tests/admin_views/tests.py.
    - CVE-2016-6186

 -- Marc Deslauriers <email address hidden>  Tue, 19 Jul 2016 07:56:43 -0400
Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu5) xenial; urgency=medium

  * Backport b1afebf882db5296cd9dcea26ee66d5250922e53 for ticket 26204 from
    upstream (1.8.10) to allow dashes in TLDs again (in the URL validator.)
    LP: #1528710

 -- LaMont Jones <email address hidden>  Mon, 11 Apr 2016 17:30:48 -0600

Obsolete in wily-updates
Obsolete in wily-security
python-django (1.7.9-1ubuntu5.4) wily-security; urgency=medium

  * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
    - debian/patches/CVE-2016-2512-regression.patch: updated to final
      upstream fix.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden>  Mon, 07 Mar 2016 08:48:40 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu4) xenial; urgency=medium

  * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
    - debian/patches/CVE-2016-2512-regression.patch: updated to final
      upstream fix.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden>  Mon, 07 Mar 2016 08:43:38 -0500

Superseded in trusty-updates
Superseded in trusty-security
python-django (1.6.1-2ubuntu0.14) trusty-security; urgency=medium

  * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
    - debian/patches/CVE-2016-2512-regression.patch: updated to final
      upstream fix.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden>  Mon, 07 Mar 2016 08:50:01 -0500
Superseded in wily-updates
Superseded in wily-security
python-django (1.7.9-1ubuntu5.3) wily-security; urgency=medium

  * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
    - debian/patches/CVE-2016-2512-regression.patch: force url to unicode
      in django/utils/http.py, added test to
      tests/utils_tests/test_http.py.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden>  Fri, 04 Mar 2016 11:06:58 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu3) xenial; urgency=medium

  * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
    - debian/patches/CVE-2016-2512-regression.patch: force url to unicode
      in django/utils/http.py, added test to
      tests/utils_tests/test_http.py.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden>  Fri, 04 Mar 2016 11:03:43 -0500

Superseded in trusty-updates
Superseded in trusty-security
python-django (1.6.1-2ubuntu0.13) trusty-security; urgency=medium

  * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
    - debian/patches/CVE-2016-2512-regression.patch: force url to unicode
      in django/utils/http.py, added test to
      tests/utils_tests/test_http.py.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden>  Fri, 04 Mar 2016 11:07:40 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu2) xenial; urgency=medium

  * SECURITY UPDATE: malicious redirect and possible XSS attack via
    user-supplied redirect URLs containing basic auth
    - debian/patches/CVE-2016-2512.patch: prevent spoofing in
      django/utils/http.py, added test to tests/utils_tests/test_http.py.
    - CVE-2016-2512
  * SECURITY UPDATE: user enumeration through timing difference on password
    hasher work factor upgrade
    - debian/patches/CVE-2016-2513.patch: fix timing in
      django/contrib/auth/hashers.py, added note to
      docs/topics/auth/passwords.txt, added tests to
      tests/auth_tests/test_hashers.py.
    - CVE-2016-2513

 -- Marc Deslauriers <email address hidden>  Thu, 25 Feb 2016 10:02:48 -0500

Superseded in precise-updates
Superseded in precise-security
python-django (1.3.1-4ubuntu1.20) precise-security; urgency=medium

  * SECURITY UPDATE: malicious redirect and possible XSS attack via
    user-supplied redirect URLs containing basic auth
    - debian/patches/CVE-2016-2512.patch: prevent spoofing in
      django/utils/http.py, added test to
      django/contrib/auth/tests/views.py.
    - CVE-2016-2512

 -- Marc Deslauriers <email address hidden>  Thu, 25 Feb 2016 15:29:31 -0500
Superseded in wily-updates
Superseded in wily-security
python-django (1.7.9-1ubuntu5.2) wily-security; urgency=medium

  * SECURITY UPDATE: malicious redirect and possible XSS attack via
    user-supplied redirect URLs containing basic auth
    - debian/patches/CVE-2016-2512.patch: prevent spoofing in
      django/utils/http.py, added test to tests/utils_tests/test_http.py.
    - CVE-2016-2512
  * SECURITY UPDATE: user enumeration through timing difference on password
    hasher work factor upgrade
    - debian/patches/CVE-2016-2513.patch: fix timing in
      django/contrib/auth/hashers.py, added note to
      docs/topics/auth/passwords.txt, added tests to
      django/contrib/auth/tests/test_hashers.py.
    - debian/control: added python-mock and python3-mock to Build-Depends
    - CVE-2016-2513

 -- Marc Deslauriers <email address hidden>  Thu, 25 Feb 2016 10:11:15 -0500
Superseded in trusty-updates
Superseded in trusty-security
python-django (1.6.1-2ubuntu0.12) trusty-security; urgency=medium

  * SECURITY UPDATE: malicious redirect and possible XSS attack via
    user-supplied redirect URLs containing basic auth
    - debian/patches/CVE-2016-2512.patch: prevent spoofing in
      django/utils/http.py, added test to tests/utils_tests/test_http.py.
    - CVE-2016-2512
  * SECURITY UPDATE: user enumeration through timing difference on password
    hasher work factor upgrade
    - debian/patches/CVE-2016-2513.patch: fix timing in
      django/contrib/auth/hashers.py, added note to
      docs/topics/auth/passwords.txt, added tests to
      django/contrib/auth/tests/test_hashers.py.
    - debian/control: added python-mock to Build-Depends
    - CVE-2016-2513

 -- Marc Deslauriers <email address hidden>  Thu, 25 Feb 2016 14:41:20 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
python-django (1.8.7-1ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.
  * Dropped changes:
    - debian/patches/99_skip_tests_due_python35.diff: no longer required,
      python 3.5 is now officially supported in 1.8.6+.

Obsolete in vivid-updates
Obsolete in vivid-security
python-django (1.7.6-1ubuntu2.3) vivid-security; urgency=medium

  * SECURITY UPDATE: Settings leak possibility in date template filter
    - debian/patches/CVE-2015-8213.patch: check format type in
      django/utils/formats.py, added test to tests/i18n/tests.py.
    - CVE-2015-8213

 -- Marc Deslauriers <email address hidden>  Wed, 18 Nov 2015 15:13:51 -0500
Superseded in wily-updates
Superseded in wily-security
python-django (1.7.9-1ubuntu5.1) wily-security; urgency=medium

  * SECURITY UPDATE: Settings leak possibility in date template filter
    - debian/patches/CVE-2015-8213.patch: check format type in
      django/utils/formats.py, added test to tests/i18n/tests.py.
    - CVE-2015-8213

 -- Marc Deslauriers <email address hidden>  Wed, 18 Nov 2015 14:42:15 -0500
Superseded in precise-updates
Superseded in precise-security
python-django (1.3.1-4ubuntu1.19) precise-security; urgency=medium

  * SECURITY UPDATE: Settings leak possibility in date template filter
    - debian/patches/CVE-2015-8213.patch: check format type in
      django/utils/formats.py, added test to
      tests/regressiontests/i18n/tests.py.
    - CVE-2015-8213

 -- Marc Deslauriers <email address hidden>  Wed, 18 Nov 2015 15:19:37 -0500