[Bug 1417274] [NEW] CVE-2015-0221 backport broke serving static content through GZipMiddleware
Nelson Elhage
nelhage at nelhage.com
Mon Feb 2 21:16:46 UTC 2015
Public bug reported:
Ubuntu backported the CVE-2015-0221 fix, which makes
`django.views.static.serve` stream file contents. However,
https://github.com/django/django/commit/1e39d0f6280abf34c7719db5e7ed1c333f5e5919
was not backported, and without that fix, the Django GZipMiddleware is
unable to handle streaming content, breaking django applications that
combine static file serving with the gzip middleware. See upstream bug
https://code.djangoproject.com/ticket/24158 for more information.
** Affects: python-django (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-django in Ubuntu.
https://bugs.launchpad.net/bugs/1417274
Title:
CVE-2015-0221 backport broke serving static content through
GZipMiddleware
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1417274/+subscriptions
More information about the Ubuntu-server-bugs
mailing list