[ubuntu/lucid-security] python-django_1.1.1-2ubuntu1.3_i386_translations.tar.gz (delayed), python-django 1.1.1-2ubuntu1.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Feb 17 17:04:48 UTC 2011


python-django (1.1.1-2ubuntu1.3) lucid-security; urgency=low

  * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
    - debian/patches/10_CVE-2011-0696.diff: apply full CSRF validation to all
      requests, regardless of apparent AJAX origin. This is technically
      backwards-incompatible, but the security risks have been judged to
      outweigh the compatibility concerns in this case. See the Django project
      notes for more information:
      http://www.djangoproject.com/weblog/2011/feb/08/security/
    - CVE-2011-0696
  * SECURITY UPDATE: potential XSS in file field rendering
    - debian/patches/11_CVE-2011-0697.diff: properly escape URL in
      django/contrib/admin/widgets.py
    - CVE-2011-0697

Date: Tue, 15 Feb 2011 17:11:08 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/python-django/1.1.1-2ubuntu1.3
-------------- next part --------------
Format: 1.8
Date: Tue, 15 Feb 2011 17:11:08 -0600
Source: python-django
Binary: python-django python-django-doc
Architecture: source
Version: 1.1.1-2ubuntu1.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Launchpad-Bugs-Fixed: 719031
Changes: 
 python-django (1.1.1-2ubuntu1.3) lucid-security; urgency=low
 .
   * SECURITY UPDATE: flaw in CSRF handling (LP: #719031)
     - debian/patches/10_CVE-2011-0696.diff: apply full CSRF validation to all
       requests, regardless of apparent AJAX origin. This is technically
       backwards-incompatible, but the security risks have been judged to
       outweigh the compatibility concerns in this case. See the Django project
       notes for more information:
       http://www.djangoproject.com/weblog/2011/feb/08/security/
     - CVE-2011-0696
   * SECURITY UPDATE: potential XSS in file field rendering
     - debian/patches/11_CVE-2011-0697.diff: properly escape URL in
       django/contrib/admin/widgets.py
     - CVE-2011-0697
Checksums-Sha1: 
 d28769717e144aec693d1e59248cdcfb400aca19 2215 python-django_1.1.1-2ubuntu1.3.dsc
 bfde784bbb42c5374a25d435e4952b3f5003656b 46514 python-django_1.1.1-2ubuntu1.3.diff.gz
Checksums-Sha256: 
 3a6ea8212c42fd083056b58f456af04eaf067044798aa1fa815498a2650aefed 2215 python-django_1.1.1-2ubuntu1.3.dsc
 b818178155392f59b785cdaea185c109d4b0bdaa13525b533790819a826ee260 46514 python-django_1.1.1-2ubuntu1.3.diff.gz
Files: 
 4de71582b629ed7c3fe5c3334e1d98aa 2215 python optional python-django_1.1.1-2ubuntu1.3.dsc
 cdf31c55963b3a900c532a56ad14ba54 46514 python optional python-django_1.1.1-2ubuntu1.3.diff.gz
Original-Maintainer: Chris Lamb <lamby at debian.org>

