* SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
- debian/patches/CVE-2013-1443.patch: enforce a maximum password length
in django/contrib/auth/forms.py, django/contrib/auth/models.py,
django/contrib/auth/tests/basic.py.
- CVE-2013-1443
* SECURITY UPDATE: directory traversal with ssi template tag
- debian/patches/CVE-2013-4315.patch: properly check absolute path in
django/template/defaulttags.py,
tests/regressiontests/templates/tests.py,
tests/regressiontests/templates/templates/*.
- CVE-2013-4315
* SECURITY UPDATE: possible XSS via is_safe_url
- debian/patches/security-is_safe_url.patch: properly reject URLs which
specify a scheme other than HTTP or HTTPS.
- https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
- No CVE number
-- Marc Deslauriers <email address hidden> Fri, 20 Sep 2013 09:33:23 -0400
This bug was fixed in the package python-django - 1.1.1-2ubuntu1.9
---------------
python-django (1.1.1-2ubuntu1.9) lucid-security; urgency=low
* SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
- debian/patches/CVE-2013-1443.patch: enforce a maximum password length
in django/contrib/auth/forms.py, django/contrib/auth/models.py,
django/contrib/auth/tests/basic.py.
- CVE-2013-1443
* SECURITY UPDATE: directory traversal with ssi template tag
- debian/patches/CVE-2013-4315.patch: properly check absolute path in
django/template/defaulttags.py,
tests/regressiontests/templates/tests.py,
tests/regressiontests/templates/templates/*.
- CVE-2013-4315
* SECURITY UPDATE: possible XSS via is_safe_url
- debian/patches/security-is_safe_url.patch: properly reject URLs which
specify a scheme other than HTTP or HTTPS.
- https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
- No CVE number
-- Marc Deslauriers <email address hidden> Fri, 20 Sep 2013 09:33:23 -0400