Publishing details
Changelog
python-django (1.7.9-1ubuntu1~ubuntu14.04.1~ppa1) trusty; urgency=medium
* No-change backport to trusty
python-django (1.7.9-1ubuntu1) wily; urgency=medium
* Merge with Debian; remaining changes:
- debian/patches/99_fix_multipart_base64_decoding_large_files.patch:
Fix Multipart base64 file decoding with large files ensuring that the
actual base64 content has a length that is a multiple of 4.
* Removed patches included in new version:
- debian/patches/fix_sqlite_ftbfs.patch
- debian/patches/fix_ftbfs_python2710.patch
python-django (1.7.9-1) unstable; urgency=medium
* New upstream security release:
https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
It fixes:
- CVE-2015-5143: possible denial-of-service by filling session store
- CVE-2015-5144: possible header injection since validators accept
newlines in input
python-django (1.7.7-1ubuntu1) wily; urgency=medium
* Merge with Debian; remaining changes:
- debian/patches/99_fix_multipart_base64_decoding_large_files.patch:
Fix Multipart base64 file decoding with large files ensuring that the
actual base64 content has a length that is a multiple of 4.
* Removed patches included in new version:
- debian/patches/CVE-2015-2316.patch
- debian/patches/CVE-2015-2317.patch
* debian/patches/fix_sqlite_ftbfs.patch: fix FTBFS with newer SQLite.
* debian/patches/fix_ftbfs_python2710.patch: fix FTBFS with newer python.
python-django (1.7.7-1) unstable; urgency=high
* New upstream security and bugfix release:
https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
It fixes:
- CVE-2015-2317: possible XSS attack via user-supplied redirect URLs
Closes: #780873
- CVE-2015-2316: Denial-of-service possibility with strip_tags()
Closes: #780874
python-django (1.7.6-1ubuntu2) vivid; urgency=medium
* SECURITY UPDATE: denial-of-service possibility with strip_tags
- debian/patches/CVE-2015-2316.patch: fix infinite loop possibility
in django/utils/html.py, added test to
tests/utils_tests/test_html.py.
- CVE-2015-2316
* SECURITY UPDATE: XSS attack via user-supplied redirect URLs
- debian/patches/CVE-2015-2317.patch: reject URLs that start with
control characters in django/utils/http.py, added test to
tests/utils_tests/test_http.py.
- CVE-2015-2317
python-django (1.7.6-1ubuntu1) vivid; urgency=medium
* Merge with Debian; remaining changes:
- debian/patches/99_fix_multipart_base64_decoding_large_files.patch:
Fix Multipart base64 file decoding with large files ensuring that the
actual base64 content has a length that is a multiple of 4.
python-django (1.7.6-1) unstable; urgency=high
* New upstream security release:
https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
* Fixes CVE-2015-2241: XSS attack via properties in
ModelAdmin.readonly_fields
python-django (1.7.5-1) unstable; urgency=medium
[ Chris Lamb ]
* Remove myself from Uploaders.
[ Raphaël Hertzog ]
* New upstream bugfix release:
https://docs.djangoproject.com/en/1.7/releases/1.7.5/
python-django (1.7.4-1ubuntu1) vivid; urgency=medium
* Merge with Debian; remaining changes:
- debian/patches/99_fix_multipart_base64_decoding_large_files.patch:
Fix Multipart base64 file decoding with large files ensuring that the
actual base64 content has a length that is a multiple of 4.
python-django (1.7.4-1) unstable; urgency=medium
* Release to unstable and hopefully to Jessie too.
python-django (1.7.4-1~exp1) experimental; urgency=medium
* New upstream bugfix release.
* Drop fix-24193-python34-test-failure.diff, merged upstream.
python-django (1.7.3-1~exp1) experimental; urgency=high
[ Luke Faraone ]
* New upstream security release.
- WSGI header spoofing via underscore/dash conflation (CVE-2015-0219)
- Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220)
- DoS attack against django.views.static.serve (CVE-2015-0221)
- Database DoS with ModelMultipleChoiceField (CVE-2015-0222)
Closes: #775375
[ Raphaël Hertzog ]
* Add patch fix-24193-python34-test-failure.diff to fix a test failure with
Python3.4.
python-django (1.7.2-1) experimental; urgency=medium
[ Raphaël Hertzog ]
* Add geoip-database-extra as an alternative to geoip-database-contrib.
[ Brian May ]
* New upstream version.
python-django (1.7.1-1) unstable; urgency=medium
[ Raphaël Hertzog ]
* New upstream bugfix release.
* Drop 01_fix_test_loaddata_not_existant_fixture_file.patch, merged
upstream.
* Update Standards-Version to 3.9.6.
* Add lintian overrides for package-contains-timestamped-gzip (false
positive).
[ Brian May ]
* Fix django-admin wrapper to not even consider using python 2.6 as
that version is unsupported with Django 1.7.
python-django (1.7-3) unstable; urgency=medium
* Add 01_fix_test_loaddata_not_existant_fixture_file.patch
to fix FTBFS with Python 3.4.2. Closes: #765117
* Improve migrate-south script to look for Python files in the current dir.
./manage.py implicitly has the current directory but when we use
django-admin it's not the case. Thanks to Uwe Kleine-Koenig for the
report.
python-django (1.7-2) unstable; urgency=medium
* Release to unstable.
* Add a migrate-south sample script to help users apply their South
migrations. Thanks to Brian May.
python-django (1.7-1) experimental; urgency=medium
* New major upstream release.
* Add a NEWS file to document the incompatibility with South.
python-django (1.7~c3-1) experimental; urgency=medium
* New upstream release candidate with security fixes:
https://www.djangoproject.com/weblog/2014/aug/20/security/
python-django (1.7~c2-2) experimental; urgency=medium
* Merge changes from 1.6.5-4:
* Don't output stuff to stdout in django-admin. Closes: #757145
* Update Vcs-* fields since the packaging repository moved to git.
python-django (1.7~c2-1) experimental; urgency=medium
* New upstream release candidate.
python-django (1.7~c1+20140722-2) experimental; urgency=medium
* Move django-admin manual page in python-django-common. Bump version
constraint in Breaks/Replaces accordingly.
* Drop conflicting django-admin in python-django and python3-django that
were not removed as usual because upstream stopped installing them as
django-admin.py.
* Drop extra license files.
* Fix shebang lines in python3-django.
* Drop empty left-over /usr/bin directories in python-django/python3-django.
python-django (1.7~c1+20140722-1) experimental; urgency=medium
* New upstream release candidate. We want this version in jessie so we
should prepare now.
* Snapshot tarball generated with "python setup.py sdist" after having
applied fix submitted in https://code.djangoproject.com/ticket/23072
* Added python-sqlparse, python-tz to Recommends
* Added other optional dependencies (python-memcache, python-pil,
python-bcrypt) to Suggests
* Add all those dependencies in Build-Depends for the benefit of the
test suite.
* Run the test suite for python2 and python3.
* Differentiate descriptions of python2 and python3 packages.
python-django (1.6.6-1ubuntu3) vivid; urgency=medium
* SECURITY UPDATE: WSGI header spoofing via underscore/dash conflation
- debian/patches/CVE-2015-0219.patch: strip headers with underscores in
django/core/servers/basehttp.py, added blurb to
docs/howto/auth-remote-user.txt, added test to
tests/servers/test_basehttp.py.
- CVE-2015-0219
* SECURITY UPDATE: Mitigated possible XSS attack via user-supplied
redirect URLs
- debian/patches/CVE-2015-0220.patch: filter url in
django/utils/http.py, added test to tests/utils_tests/test_http.py.
- CVE-2015-0220
* SECURITY UPDATE: Denial-of-service attack against
django.views.static.serve
- debian/patches/CVE-2015-0221.patch: limit large files in
django/views/static.py, added test to
tests/view_tests/media/long-line.txt,
tests/view_tests/tests/test_static.py.
- CVE-2015-0221
* SECURITY UPDATE: Database denial-of-service with
ModelMultipleChoiceField
- debian/patches/CVE-2015-0222.patch: check values in
django/forms/models.py, added test to tests/model_forms/tests.py.
- CVE-2015-0222
python-django (1.6.6-1ubuntu2) utopic; urgency=medium
* debian/patches/fix_test_encoding.patch: Fix test encoding headers,
otherwise it FTBFS.
python-django (1.6.6-1ubuntu1) utopic; urgency=medium
* debian/patches/99_fix_multipart_base64_decoding_large_files.patch:
Fix Multipart base64 file decoding with large files ensuring that the
actual base64 content has a length that is a multiple of 4. (LP: #1363348)
python-django (1.6.6-1) unstable; urgency=high
* New upstream security release.
- reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
- file upload denial of service (CVE-2014-0481)
- RemoteUserMiddleware session hijacking (CVE-2014-0482)
- data leakage via querystring manipulation in admin (CVE-2014-0483)
[ Brian May ]
* Don't output stuff to stdout in django-admin. Closes: #757145
[ Raphaël Hertzog ]
* Update Vcs-* fields since the packaging repository moved to git.
python-django (1.6.5-3) unstable; urgency=low
* Replace django-admin with script that can be run as python and shell.
This means we can autodetect which python version to use when run as
shell, while maintaining compatibility with processes that try to run it
with a specific python version.
e.g. See bugs #755341 and #755321.
python-django (1.6.5-2) unstable; urgency=low
* python3-django package. Closes: #736878.
python-django (1.6.5-1) unstable; urgency=high
* New upstream security release.
- Caches may be allowed to store and serve private data (CVE-2014-1418)
- Malformed URLs from user input incorrectly validated
* Drop partial_functions_reverse.patch (merged upstream).
python-django (1.6.3-2) unstable; urgency=high
* Fix regression of reverse() and partial views. (LP: #1311433)
Thanks Preston Timmons.
python-django (1.6.3-1) unstable; urgency=high
* New upstream security release.
- Unexpected code execution using ``reverse()``
- CVE-2014-0472
- Caching of anonymous pages could reveal CSRF token
- CVE-2014-0473
- MySQL typecasting could result in unexpected matches
- CVE-2014-0474
* Drop patches 07_translation_encoding_fix and ticket21869.diff; merged
upstream
-- Christopher Hoskin <email address hidden> Wed, 29 Jul 2015 04:11:47 +0100
Built packages
- python-django: High-level Python web development framework (Python 2 version)
- python-django-common: High-level Python web development framework (common)
- python-django-doc: High-level Python web development framework (documentation)
- python3-django: High-level Python web development framework (Python 3 version)