tag 775375 pending
thanks
Hello,
Bug #775375 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://git.debian.org/?p=python-modules/packages/python-django.git;a=commitdiff;h=3f5c481
---
commit 3f5c481b72dac398ca22b6d44a0479f199f961c4
Merge: d87b702 b89ad8c
Author: Raphaël Hertzog <[email protected]>
Date: Wed Jan 28 21:48:59 2015 +0100
Merge remote-tracking branch 'origin/debian/wheezy-lfaraone' into
debian/wheezy
Integrate the 1.4.5-1+deb7u8 upload of Luke Faraone that somehow got lost
in this branch.
Conflicts:
debian/changelog
debian/patches/series
diff --cc debian/changelog
index 2c59f9d,38a8623..ab3f283
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,16 -1,13 +1,27 @@@
- python-django (1.4.5-1+deb7u8) stable-security; urgency=medium
++python-django (1.4.5-1+deb7u9) wheezy-security; urgency=high
+
+ * New upstream security release:
+ https://www.djangoproject.com/weblog/2015/jan/13/security/
+ - WSGI header spoofing via underscore/dash conflation (CVE-2015-0219)
+ - Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220)
+ - Denial-of-service attack against django.views.static.serve
+ (CVE-2015-0221)
++ Closes: #775375
+ * Also include a fix for a regression introduced by the patch for
+ CVE-2015-0221: https://code.djangoproject.com/ticket/24158
+
+ -- Raphaël Hertzog <[email protected]> Wed, 28 Jan 2015 10:24:59 +0100
+
+ python-django (1.4.5-1+deb7u8) wheezy-security; urgency=high
+
+ * New upstream security release.
- - reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
- - file upload denial of service (CVE-2014-0481)
- - RemoteUserMiddleware session hijacking (CVE-2014-0482)
++ - reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
++ - file upload denial of service (CVE-2014-0481)
++ - RemoteUserMiddleware session hijacking (CVE-2014-0482)
+ - data leakage via querystring manipulation in admin (CVE-2014-0483)
+
+ -- Luke Faraone <[email protected]> Wed, 20 Aug 2014 01:46:17 -0700
+
python-django (1.4.5-1+deb7u7) stable-security; urgency=high
* New upstream security release.
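Review bot: The "++" lines in this hunk, namely the renumbered "python-django (1.4.5-1+deb7u9)" header and "Closes: #775375" in the top entry, exist in neither parent, so the merge changes debian/changelog beyond resolving the conflict. The commit message mentions only integrating the 1.4.5-1+deb7u8 upload. Either state in the commit message that the pending entry was renumbered to deb7u9 and that the bug closure was added, or make those two changes in a follow-up commit so the merge contains conflict resolution only. The three CVE-2014-048x bullets in the deb7u8 entry are also rewritten as "++" lines, which suggests the two sides differed only in whitespace there; it is worth confirming the result matches the changelog text of the deb7u8 package as uploaded.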