Change log for python-django package in Ubuntu
python-django (1:1.11.15-1ubuntu1.3) cosmic-security; urgency=medium * SECURITY UPDATE: Incorrect HTTP detection with reverse-proxy connecting via HTTPS - debian/patches/CVE-2019-12781.patch: made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set in django/http/request.py, docs/ref/settings.txt and added tests to tests/settings_test/tests.py. - CVE-2019-12781 * SECURITY UPDATE: XSS in Django admin via AdminURLFieldWidget - debian/patches/CVE-2019-12308.patch: made AdminURLFieldWidget validate URL before rendering clickable link in django/contrib/admin/templates/admin/widgets/url.html, django/contrib/admin/widgets.py, add test to test/admin_widgets/tests.py. - CVE-2019-12308 -- <email address hidden> (Leonidas S. Barbosa) Mon, 24 Jun 2019 13:28:11 -0300
python-django (1:1.11.11-1ubuntu1.4) bionic-security; urgency=medium * SECURITY UPDATE: Incorrect HTTP detection with reverse-proxy connecting via HTTPS - debian/patches/CVE-2019-12781.patch: made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set in django/http/request.py, docs/ref/settings.txt and added tests to tests/settings_test/tests.py. - CVE-2019-12781 * SECURITY UPDATE: XSS in Django admin via AdminURLFieldWidget - debian/patches/CVE-2019-12308.patch: made AdminURLFieldWidget validate URL before rendering clickable link in django/contrib/admin/templates/admin/widgets/url.html, django/contrib/admin/widgets.py, add test to test/admin_widgets/tests.py. - CVE-2019-12308 -- <email address hidden> (Leonidas S. Barbosa) Mon, 24 Jun 2019 11:50:51 -0300
python-django (1:1.11.21-1) unstable; urgency=medium * New upstream security release. - CVE-2019-12308: XSS in Django admin via AdminURLFieldWidget (Closes: #929927) -- Luke W Faraone <email address hidden> Wed, 05 Jun 2019 00:07:07 +0000
python-django (1.8.7-1ubuntu5.8) xenial-security; urgency=medium * SECURITY UPDATE: DoS via memory exhaustion - debian/patches/CVE-2019-6975.patch: limit digits in django/utils/numberformat.py, added tests to tests/utils_tests/test_numberformat.py. - CVE-2019-6975 -- Marc Deslauriers <email address hidden> Tue, 12 Feb 2019 08:55:08 -0500
python-django (1:1.11.11-1ubuntu1.3) bionic-security; urgency=medium * SECURITY UPDATE: DoS via memory exhaustion - debian/patches/CVE-2019-6975.patch: limit digits in django/utils/numberformat.py, added tests to tests/utils_tests/test_numberformat.py. - CVE-2019-6975 -- Marc Deslauriers <email address hidden> Tue, 12 Feb 2019 08:53:30 -0500
python-django (1:1.11.15-1ubuntu1.2) cosmic-security; urgency=medium * SECURITY UPDATE: DoS via memory exhaustion - debian/patches/CVE-2019-6975.patch: limit digits in django/utils/numberformat.py, added tests to tests/utils_tests/test_numberformat.py. - CVE-2019-6975 -- Marc Deslauriers <email address hidden> Tue, 12 Feb 2019 07:54:23 -0500
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
python-django (1:1.11.20-1) unstable; urgency=medium * New upstream security release. - CVE-2019-6975: Fix memory exhaustion in utils.numberformat.format(). (Closes: #922027) -- Chris Lamb <email address hidden> Mon, 11 Feb 2019 19:08:53 +0100
python-django (1.8.7-1ubuntu5.7) xenial-security; urgency=medium * SECURITY UPDATE: content spoofing in the default 404 page - debian/patches/CVE-2019-3498.patch: properly quote string in django/views/defaults.py, add test to tests/handlers/tests.py. - CVE-2019-3498 -- Marc Deslauriers <email address hidden> Tue, 08 Jan 2019 13:45:35 -0500
python-django (1:1.11.11-1ubuntu1.2) bionic-security; urgency=medium * SECURITY UPDATE: content spoofing in the default 404 page - debian/patches/CVE-2019-3498.patch: properly quote string in django/views/defaults.py, add test to tests/handlers/tests.py. - CVE-2019-3498 -- Marc Deslauriers <email address hidden> Tue, 08 Jan 2019 13:41:48 -0500
python-django (1.6.11-0ubuntu1.3) trusty-security; urgency=medium * SECURITY UPDATE: content spoofing in the default 404 page - debian/patches/CVE-2019-3498.patch: properly quote string in django/views/defaults.py. - CVE-2019-3498 -- Marc Deslauriers <email address hidden> Tue, 08 Jan 2019 14:00:29 -0500
python-django (1:1.11.15-1ubuntu1.1) cosmic-security; urgency=medium * SECURITY UPDATE: content spoofing in the default 404 page - debian/patches/CVE-2019-3498.patch: properly quote string in django/views/defaults.py, add test to tests/handlers/tests.py. - CVE-2019-3498 -- Marc Deslauriers <email address hidden> Tue, 08 Jan 2019 13:37:05 -0500
python-django (1:1.11.18-1ubuntu2) disco; urgency=medium * Drop Ubuntu delta introduced in 1.7.9-1ubuntu3. - both pymysql and mysqldb are now in main, but the switch seems to be causing a lot of trouble on the upstream testsuite https://github.com/django/django/pull/10824 -- Gianfranco Costamagna <email address hidden> Mon, 07 Jan 2019 11:21:03 +0100
Superseded in disco-proposed |
python-django (1:1.11.18-1ubuntu1) disco; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
python-django (1:1.11.17-2ubuntu1) disco; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
Superseded in disco-proposed |
python-django (1:1.11.17-2) unstable; urgency=medium * Backport patch from upstream to fix compatibility with SQLite 3.26. (Closes: #915626) -- Chris Lamb <email address hidden> Fri, 07 Dec 2018 14:14:22 +0100
python-django (1:1.11.17-1ubuntu1) disco; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
Superseded in disco-proposed |
python-django (1:1.11.17-1) unstable; urgency=medium * New upstream bugfix release. - https://docs.djangoproject.com/en/stable/releases/1.11.17/ * Drop patches that have been applied upstream: - 0005-Fix-SyntaxError-Generator-expression-must-be-parenth.patch, - 0007-Refs-28814-Fixed-migrations-crash-with-namespace-pac.patch - 0008-Refs-28814-Fixed-test_runner-failure-on-Python-3.7.patch -- Chris Lamb <email address hidden> Mon, 03 Dec 2018 22:34:53 +0100
python-django (1:1.11.16-4ubuntu1) disco; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql. - Ignore test results; they seem to have been broken for a long time, see Debian bug: #891753
Superseded in disco-proposed |
python-django (1:1.11.16-3ubuntu1) disco; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql. - Ignore test results; they seem to have been broken for a long time, see Debian bug: #891753
Superseded in disco-proposed |
python-django (1:1.11.16-3) unstable; urgency=medium * Default to supporting Spatialite >= 4.2. (Closes: #910240) * debian/control: - Update libgdal's SONAME in Suggests. - Add libsqlite3-mod-spatialite to Suggests. -- Chris Lamb <email address hidden> Thu, 04 Oct 2018 10:38:34 +0100
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
python-django (1:1.11.15-1ubuntu1) cosmic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql. - Ignore test results; they seem to have been broken for a long time, see Debian bug: #891753
Superseded in cosmic-proposed |
python-django (1:1.11.15-1) unstable; urgency=medium * New upstream security release. - CVE-2018-14574: Open redirect possibility in CommonMiddleware. (Closes: #905216) -- Chris Lamb <email address hidden> Wed, 01 Aug 2018 23:06:03 +0800
python-django (1:1.11.11-1ubuntu1.1) bionic-security; urgency=medium * SECURITY UPDATE: open redirect possibility in CommonMiddleware - debian/patches/CVE-2018-14574.patch: escape leading slashes in django/middleware/common.py, django/urls/resolvers.py, django/utils/http.py, tests/middleware/tests.py, tests/middleware/urls.py, tests/utils_tests/test_http.py. - CVE-2018-14574 -- Marc Deslauriers <email address hidden> Thu, 26 Jul 2018 08:18:03 -0400
python-django (1:1.11.14-1ubuntu2) cosmic; urgency=medium * Ignore test results; they seem to have been broken for a long time, see Debian bug: #891753 -- Gianfranco Costamagna <email address hidden> Tue, 03 Jul 2018 12:04:18 +0200
Superseded in cosmic-proposed |
python-django (1:1.11.14-1ubuntu1) cosmic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
Superseded in cosmic-proposed |
python-django (1:1.11.13-2ubuntu1) cosmic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
python-django (1:1.11.13-1ubuntu1) cosmic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
python-django (1:1.11.11-1ubuntu1) bionic; urgency=medium * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
python-django (1.8.7-1ubuntu5.6) xenial-security; urgency=medium * SECURITY UPDATE: DoS in urlize and urlizetrunc template filters - debian/patches/CVE-2018-7536.patch: fix backtracking in django/utils/html.py, add test to tests/utils_tests/test_html.py. - CVE-2018-7536 * SECURITY UPDATE: DoS in truncatechars_html and truncatewords_html template filters - debian/patches/CVE-2018-7537.patch: fix backtracking in django/utils/text.py, add test to tests/utils_tests/test_text.py. - CVE-2018-7537 -- Marc Deslauriers <email address hidden> Mon, 05 Mar 2018 15:32:46 +0100
python-django (1.6.11-0ubuntu1.2) trusty-security; urgency=medium * SECURITY UPDATE: DoS in urlize and urlizetrunc template filters - debian/patches/CVE-2018-7536.patch: fix backtracking in django/utils/html.py, add test to tests/utils_tests/test_html.py. - CVE-2018-7536 * SECURITY UPDATE: DoS in truncatechars_html and truncatewords_html template filters - debian/patches/CVE-2018-7537.patch: fix backtracking in django/utils/text.py, add test to tests/utils_tests/test_text.py. - CVE-2018-7537 -- Marc Deslauriers <email address hidden> Mon, 05 Mar 2018 15:52:37 +0100
python-django (1:1.11.4-1ubuntu1.2) artful-security; urgency=medium * SECURITY UPDATE: DoS in urlize and urlizetrunc template filters - debian/patches/CVE-2018-7536.patch: fix backtracking in django/utils/html.py, add test to tests/utils_tests/test_html.py. - CVE-2018-7536 * SECURITY UPDATE: DoS in truncatechars_html and truncatewords_html template filters - debian/patches/CVE-2018-7537.patch: fix backtracking in django/utils/text.py, add test to tests/utils_tests/test_text.py. - CVE-2018-7537 -- Marc Deslauriers <email address hidden> Mon, 05 Mar 2018 14:32:00 +0100
Superseded in bionic-proposed |
python-django (1:1.11.10-1ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
python-django (1:1.11.4-1ubuntu1.1) artful-security; urgency=medium * SECURITY UPDATE: cross-site scripting attack - debian/patches/CVE-2017-12794.patch: Fixed XSS possibility in traceback section of technical 500 debug page in django/views/debug.py, tests/view_tests/tests/py3_test_debug.py. - CVE-2017-12794 * SECURITY UPDATE: AuthenticationForm issue allowed obtaining potentially sensitive information - debian/patches/CVE-2018-6188.patch: this backport added just a test that was missing, major part of the code original patch and the package were already applied in the package. Test added in test/auth_tests/test_forms.py. - CVE-2018-6188 -- <email address hidden> (Leonidas S. Barbosa) Tue, 06 Feb 2018 10:18:21 -0300
python-django (1:1.11.9-1ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
python-django (1:1.11.6-1ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
python-django (1:1.11.4-1ubuntu1) artful; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql.
python-django (1:1.11.3-1ubuntu1) artful; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql. * All other changes dropped, as they were backports of upstream fixes.
Superseded in artful-proposed |
python-django (1:1.11.2-2ubuntu1) artful; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql. * All other changes dropped, as they were backports of upstream fixes.
python-django (1:1.10.7-2ubuntu2) artful; urgency=medium * d/p/0001-Refs-27025-Fixed-tests-for-the-new-ModuleNotFoundErr.patch, d/p/0001-Refs-27025-Fixed-a-test-for-the-new-re.RegexFlag-in-.patch, d/p/0001-Refs-27025-Fixed-a-timezone-test-for-Python-3.6.patch, d/p/0001-Refs-27025-Fixed-a-servers-test-on-Python-3.6.patch: fix tests for compatibility with python 3.6. -- Steve Langasek <email address hidden> Sat, 17 Jun 2017 23:33:25 -0700
Superseded in artful-proposed |
python-django (1:1.10.7-2ubuntu1) artful; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql. * All other changes dropped, as they were backports of upstream fixes.
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
python-django (1.8.7-1ubuntu11) zesty; urgency=medium * SECURITY UPDATE: Open redirect and possible XSS attack via user-supplied numeric redirect URLs - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric URLs in django/utils/http.py, added tests to tests/utils_tests/test_http.py. - CVE-2017-7233 * SECURITY UPDATE: Open redirect vulnerability in django.views.static.serve() - debian/patches/CVE-2017-7234.patch: remove redirect from django/views/static.py. - CVE-2017-7234 -- Marc Deslauriers <email address hidden> Mon, 03 Apr 2017 10:32:55 -0400
python-django (1.8.7-1ubuntu10) zesty; urgency=medium * debian/patches/fix_ftbfs.patch: remove deprecated html_translator_class sphinx config option in docs/_ext/djangodocs.py, docs/conf.py. -- Marc Deslauriers <email address hidden> Wed, 29 Mar 2017 19:01:14 -0400
python-django (1.3.1-4ubuntu1.23) precise-security; urgency=medium * SECURITY UPDATE: Open redirect and possible XSS attack via user-supplied numeric redirect URLs - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric URLs in django/utils/http.py, added tests to tests/regressiontests/utils/http.py. - CVE-2017-7233 * SECURITY UPDATE: Open redirect vulnerability in django.views.static.serve() - debian/patches/CVE-2017-7234.patch: remove redirect from django/views/static.py. - CVE-2017-7234 -- Marc Deslauriers <email address hidden> Wed, 29 Mar 2017 07:49:05 -0400
python-django (1.8.7-1ubuntu5.5) xenial-security; urgency=medium * SECURITY UPDATE: Open redirect and possible XSS attack via user-supplied numeric redirect URLs - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric URLs in django/utils/http.py, added tests to tests/utils_tests/test_http.py. - CVE-2017-7233 * SECURITY UPDATE: Open redirect vulnerability in django.views.static.serve() - debian/patches/CVE-2017-7234.patch: remove redirect from django/views/static.py. - CVE-2017-7234 -- Marc Deslauriers <email address hidden> Wed, 29 Mar 2017 07:34:09 -0400
python-django (1.6.11-0ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: Open redirect and possible XSS attack via user-supplied numeric redirect URLs - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric URLs in django/utils/http.py, added tests to tests/utils_tests/test_http.py. - CVE-2017-7233 * SECURITY UPDATE: Open redirect vulnerability in django.views.static.serve() - debian/patches/CVE-2017-7234.patch: remove redirect from django/views/static.py. - CVE-2017-7234 -- Marc Deslauriers <email address hidden> Wed, 29 Mar 2017 07:38:12 -0400
python-django (1.8.7-1ubuntu8.2) yakkety-security; urgency=medium * SECURITY UPDATE: Open redirect and possible XSS attack via user-supplied numeric redirect URLs - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric URLs in django/utils/http.py, added tests to tests/utils_tests/test_http.py. - CVE-2017-7233 * SECURITY UPDATE: Open redirect vulnerability in django.views.static.serve() - debian/patches/CVE-2017-7234.patch: remove redirect from django/views/static.py. - CVE-2017-7234 -- Marc Deslauriers <email address hidden> Wed, 29 Mar 2017 07:32:39 -0400
python-django (1.6.11-0ubuntu1) trusty; urgency=medium * Update to final upstream 1.6 microrelease (LP: #1644346) * Drop patches included upstream: - debian/patches/07_translation_encoding_fix.diff, ticket21869.diff, CVE-2014-0472.patch, CVE-2014-0473.patch, CVE-2014-0474.patch, CVE-2014-0472-regression.patch, drop_fix_ie_for_vary_1_6.diff, is_safe_url_1_6.diff, CVE-2014-0480.patch, CVE-2014-0481.patch, CVE-2014-0482.patch, CVE-2014-0483.patch, CVE-2014-0483-bug23329.patch, CVE-2014-0483-bug23431.patch, CVE-2015-0219.patch, CVE-2015-0220.patch, CVE-2015-0221.patch, CVE-2015-0222.patch, CVE-2015-2316.patch, and CVE-2015-2317.patch -- Scott Kitterman <email address hidden> Wed, 23 Nov 2016 14:41:31 -0500
python-django (1.8.7-1ubuntu9) zesty; urgency=medium * SECURITY UPDATE: user with hardcoded password created when running tests on Oracle - debian/patches/CVE-2016-9013.patch: remove hardcoded password in django/db/backends/oracle/creation.py, added note to docs/ref/settings.txt. - CVE-2016-9013 * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in django/http/request.py, updated docs/ref/settings.txt, added test to tests/requests/tests.py. - CVE-2016-9014 -- Marc Deslauriers <email address hidden> Tue, 01 Nov 2016 14:46:03 -0400
python-django (1.6.1-2ubuntu0.16) trusty-security; urgency=medium * SECURITY UPDATE: user with hardcoded password created when running tests on Oracle - debian/patches/CVE-2016-9013.patch: remove hardcoded password in django/db/backends/oracle/creation.py, added note to docs/ref/settings.txt. - CVE-2016-9013 * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in django/http/request.py, updated docs/ref/settings.txt, added test to tests/requests/tests.py. - CVE-2016-9014 -- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 10:14:20 -0400
python-django (1.3.1-4ubuntu1.22) precise-security; urgency=medium * SECURITY UPDATE: user with hardcoded password created when running tests on Oracle - debian/patches/CVE-2016-9013.patch: remove hardcoded password in django/db/backends/oracle/creation.py, added note to docs/ref/settings.txt. - CVE-2016-9013 * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in django/http/__init__.py, updated docs/ref/settings.txt, added test to tests/regressiontests/requests/tests.py. - CVE-2016-9014 -- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 10:31:12 -0400
python-django (1.8.7-1ubuntu5.4) xenial-security; urgency=medium * SECURITY UPDATE: user with hardcoded password created when running tests on Oracle - debian/patches/CVE-2016-9013.patch: remove hardcoded password in django/db/backends/oracle/creation.py, added note to docs/ref/settings.txt. - CVE-2016-9013 * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in django/http/request.py, updated docs/ref/settings.txt, added test to tests/requests/tests.py. - CVE-2016-9014 * This update does _not_ contain the changes from 1.8.7-1ubuntu5.3 in xenial-proposed. -- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 09:57:03 -0400
python-django (1.8.7-1ubuntu8.1) yakkety-security; urgency=medium * SECURITY UPDATE: user with hardcoded password created when running tests on Oracle - debian/patches/CVE-2016-9013.patch: remove hardcoded password in django/db/backends/oracle/creation.py, added note to docs/ref/settings.txt. - CVE-2016-9013 * SECURITY UPDATE: DNS rebinding vulnerability when DEBUG=True - debian/patches/CVE-2016-9014.patch: properly check ALLOWED_HOSTS in django/http/request.py, updated docs/ref/settings.txt, added test to tests/requests/tests.py. - CVE-2016-9014 -- Marc Deslauriers <email address hidden> Mon, 31 Oct 2016 09:22:27 -0400
Deleted in xenial-proposed (Reason: moved to -updates) |
python-django (1.8.7-1ubuntu5.3) xenial; urgency=medium * Backport upstream fix for ipv6-formatted ipv4 addresses (LP: #1611923) -- Jon Grimm <email address hidden> Wed, 28 Sep 2016 14:27:53 -0500
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
python-django (1.8.7-1ubuntu8) yakkety; urgency=medium * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in django/http/cookie.py, add tests to tests/httpwrappers/tests.py, tests/requests/tests.py. - CVE-2016-7401 -- Marc Deslauriers <email address hidden> Tue, 27 Sep 2016 10:10:04 -0400
python-django (1.3.1-4ubuntu1.21) precise-security; urgency=medium * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in django/http/__init__.py, add tests to tests/regressiontests/httpwrappers/tests.py, tests/regressiontests/requests/tests.py. - CVE-2016-7401 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2016 07:45:02 -0400
python-django (1.6.1-2ubuntu0.15) trusty-security; urgency=medium * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in django/http/cookie.py, add tests to tests/httpwrappers/tests.py, tests/requests/tests.py. - CVE-2016-7401 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2016 07:36:53 -0400
python-django (1.8.7-1ubuntu5.2) xenial-security; urgency=medium * SECURITY UPDATE: CSRF protection bypass on a site with Google Analytics - debian/patches/CVE-2016-7401.patch: simplify cookie parsing in django/http/cookie.py, add tests to tests/httpwrappers/tests.py, tests/requests/tests.py. - CVE-2016-7401 -- Marc Deslauriers <email address hidden> Mon, 26 Sep 2016 07:29:01 -0400
python-django (1.8.7-1ubuntu7) yakkety; urgency=medium * Backport upstream fix for ipv6-formatted ipv4 addresses (LP: #1611923) -- Jon Grimm <email address hidden> Thu, 15 Sep 2016 23:14:29 -0500
python-django (1.8.7-1ubuntu6) yakkety; urgency=medium * SECURITY UPDATE: XSS in admin's add/change related popup - debian/patches/CVE-2016-6186.patch: change to text in django/contrib/admin/static/admin/js/admin/RelatedObjectLookups.js, django/views/debug.py, added to tests in tests/admin_views/admin.py, tests/admin_views/models.py, tests/admin_views/tests.py. - CVE-2016-6186 -- Marc Deslauriers <email address hidden> Tue, 19 Jul 2016 07:56:43 -0400
python-django (1.8.7-1ubuntu5.1) xenial-security; urgency=medium * SECURITY UPDATE: XSS in admin's add/change related popup - debian/patches/CVE-2016-6186.patch: change to text in django/contrib/admin/static/admin/js/admin/RelatedObjectLookups.js, django/views/debug.py, added to tests in tests/admin_views/admin.py, tests/admin_views/models.py, tests/admin_views/tests.py. - CVE-2016-6186 -- Marc Deslauriers <email address hidden> Tue, 19 Jul 2016 07:56:43 -0400
Superseded in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
python-django (1.8.7-1ubuntu5) xenial; urgency=medium * Backport b1afebf882db5296cd9dcea26ee66d5250922e53 for ticket 26204 from upstream (1.8.10) to allow dashes in TLDs again (in the URL validator.) LP: #1528710 -- LaMont Jones <email address hidden> Mon, 11 Apr 2016 17:30:48 -0600
python-django (1.7.9-1ubuntu5.4) wily-security; urgency=medium * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251) - debian/patches/CVE-2016-2512-regression.patch: updated to final upstream fix. - CVE-2016-2512 -- Marc Deslauriers <email address hidden> Mon, 07 Mar 2016 08:48:40 -0500
python-django (1.8.7-1ubuntu4) xenial; urgency=medium * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251) - debian/patches/CVE-2016-2512-regression.patch: updated to final upstream fix. - CVE-2016-2512 -- Marc Deslauriers <email address hidden> Mon, 07 Mar 2016 08:43:38 -0500
python-django (1.6.1-2ubuntu0.14) trusty-security; urgency=medium * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251) - debian/patches/CVE-2016-2512-regression.patch: updated to final upstream fix. - CVE-2016-2512 -- Marc Deslauriers <email address hidden> Mon, 07 Mar 2016 08:50:01 -0500
python-django (1.7.9-1ubuntu5.3) wily-security; urgency=medium * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251) - debian/patches/CVE-2016-2512-regression.patch: force url to unicode in django/utils/http.py, added test to tests/utils_tests/test_http.py. - CVE-2016-2512 -- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 11:06:58 -0500
python-django (1.8.7-1ubuntu3) xenial; urgency=medium * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251) - debian/patches/CVE-2016-2512-regression.patch: force url to unicode in django/utils/http.py, added test to tests/utils_tests/test_http.py. - CVE-2016-2512 -- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 11:03:43 -0500
python-django (1.6.1-2ubuntu0.13) trusty-security; urgency=medium * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251) - debian/patches/CVE-2016-2512-regression.patch: force url to unicode in django/utils/http.py, added test to tests/utils_tests/test_http.py. - CVE-2016-2512 -- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 11:07:40 -0500
python-django (1.8.7-1ubuntu2) xenial; urgency=medium * SECURITY UPDATE: malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth - debian/patches/CVE-2016-2512.patch: prevent spoofing in django/utils/http.py, added test to tests/utils_tests/test_http.py. - CVE-2016-2512 * SECURITY UPDATE: user enumeration through timing difference on password hasher work factor upgrade - debian/patches/CVE-2016-2513.patch: fix timing in django/contrib/auth/hashers.py, added note to docs/topics/auth/passwords.txt, added tests to tests/auth_tests/test_hashers.py. - CVE-2016-2513 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2016 10:02:48 -0500
python-django (1.3.1-4ubuntu1.20) precise-security; urgency=medium * SECURITY UPDATE: malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth - debian/patches/CVE-2016-2512.patch: prevent spoofing in django/utils/http.py, added test to django/contrib/auth/tests/views.py. - CVE-2016-2512 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2016 15:29:31 -0500
python-django (1.7.9-1ubuntu5.2) wily-security; urgency=medium * SECURITY UPDATE: malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth - debian/patches/CVE-2016-2512.patch: prevent spoofing in django/utils/http.py, added test to tests/utils_tests/test_http.py. - CVE-2016-2512 * SECURITY UPDATE: user enumeration through timing difference on password hasher work factor upgrade - debian/patches/CVE-2016-2513.patch: fix timing in django/contrib/auth/hashers.py, added note to docs/topics/auth/passwords.txt, added tests to django/contrib/auth/tests/test_hashers.py. - debian/control: added python-mock and python3-mock to Build-Depends - CVE-2016-2513 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2016 10:11:15 -0500
python-django (1.6.1-2ubuntu0.12) trusty-security; urgency=medium * SECURITY UPDATE: malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth - debian/patches/CVE-2016-2512.patch: prevent spoofing in django/utils/http.py, added test to tests/utils_tests/test_http.py. - CVE-2016-2512 * SECURITY UPDATE: user enumeration through timing difference on password hasher work factor upgrade - debian/patches/CVE-2016-2513.patch: fix timing in django/contrib/auth/hashers.py, added note to docs/topics/auth/passwords.txt, added tests to django/contrib/auth/tests/test_hashers.py. - debian/control: added python-mock to Build-Depends - CVE-2016-2513 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2016 14:41:20 -0500
python-django (1.8.7-1ubuntu1) xenial; urgency=medium * Merge from Debian unstable. Remaining changes: - debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb. - debian/control: Drop python-mysqldb in favor of python-pymysql. * Dropped changes: - debian/patches/99_skip_tests_due_python35.diff: no longer required, python 3.5 is now officially supported in 1.8.6+.
python-django (1.7.6-1ubuntu2.3) vivid-security; urgency=medium * SECURITY UPDATE: Settings leak possibility in date template filter - debian/patches/CVE-2015-8213.patch: check format type in django/utils/formats.py, added test to tests/i18n/tests.py. - CVE-2015-8213 -- Marc Deslauriers <email address hidden> Wed, 18 Nov 2015 15:13:51 -0500
python-django (1.7.9-1ubuntu5.1) wily-security; urgency=medium * SECURITY UPDATE: Settings leak possibility in date template filter - debian/patches/CVE-2015-8213.patch: check format type in django/utils/formats.py, added test to tests/i18n/tests.py. - CVE-2015-8213 -- Marc Deslauriers <email address hidden> Wed, 18 Nov 2015 14:42:15 -0500
python-django (1.3.1-4ubuntu1.19) precise-security; urgency=medium * SECURITY UPDATE: Settings leak possibility in date template filter - debian/patches/CVE-2015-8213.patch: check format type in django/utils/formats.py, added test to tests/regressiontests/i18n/tests.py. - CVE-2015-8213 -- Marc Deslauriers <email address hidden> Wed, 18 Nov 2015 15:19:37 -0500