[ubuntu/utopic-proposed] python-django 1.6.6-1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Sep 9 17:05:10 UTC 2014
python-django (1.6.6-1) unstable; urgency=high
* New upstream security release.
- reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
- file upload denial of service (CVE-2014-0481)
- RemoteUserMiddleware session hijacking (CVE-2014-0482)
- data leakage via querystring manipulation in admin (CVE-2014-0483)
[ Brian May ]
* Don't output stuff to stdout in django-admin. Closes: #757145
[ Raphaël Hertzog ]
* Update Vcs-* fields since the packaging repository moved to git.
Date: 2014-08-21 10:25:32.169903+00:00
Changed-By: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/utopic/+source/python-django/1.6.6-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Utopic-changes
mailing list