Sync python-django 1.6.5-1 (main) from Debian sid (main)

Bug #1323929 reported by Andrew Starr-Bochicchio
This bug affects 1 person
Affects: python-django (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Please sync python-django 1.6.5-1 (main) from Debian sid (main)

Explanation of the Ubuntu delta and why it can be dropped:
  All Ubuntu patches are backports from upstream. This release contains
  them all.

Changelog entries since current utopic version 1.6.1-2ubuntu0.3:

python-django (1.6.5-1) unstable; urgency=high

  * New upstream security release.
   - Caches may be allowed to store and serve private data (CVE-2014-1418)
   - Malformed URLs from user input incorrectly validated
  * Drop partial_functions_reverse.patch (merged upstream).

 -- Raphaël Hertzog <email address hidden> Wed, 14 May 2014 22:49:59 +0200

python-django (1.6.3-2) unstable; urgency=high

  * Fix regression of reverse() and partial views. (LP: #1311433)
    Thanks Preston Timmons.

 -- Luke Faraone <email address hidden> Tue, 22 Apr 2014 20:44:18 -0700

python-django (1.6.3-1) unstable; urgency=high

  * New upstream security release.
    - Unexpected code execution using ``reverse()``
    - CVE-2014-0472
    - Caching of anonymous pages could reveal CSRF token
    - CVE-2014-0473
    - MySQL typecasting could result in unexpected matches
    - CVE-2014-0474
  * Drop patches 07_translation_encoding_fix and ticket21869.diff; merged
    upstream

 -- Luke Faraone <email address hidden> Mon, 21 Apr 2014 16:47:14 -0700

Changed in python-django (Ubuntu):
importance: Undecided → Wishlist
Daniel Holbach (dholbach) wrote:

This bug was fixed in the package python-django - 1.6.5-1
Sponsored for Andrew Starr-Bochicchio (andrewsomething)

---------------
python-django (1.6.5-1) unstable; urgency=high

  * New upstream security release.
   - Caches may be allowed to store and serve private data (CVE-2014-1418)
   - Malformed URLs from user input incorrectly validated
  * Drop partial_functions_reverse.patch (merged upstream).

 -- Raphaël Hertzog <email address hidden> Wed, 14 May 2014 22:49:59 +0200

python-django (1.6.3-2) unstable; urgency=high

  * Fix regression of reverse() and partial views. (LP: #1311433)
    Thanks Preston Timmons.

 -- Luke Faraone <email address hidden> Tue, 22 Apr 2014 20:44:18 -0700

python-django (1.6.3-1) unstable; urgency=high

  * New upstream security release.
    - Unexpected code execution using ``reverse()``
    - CVE-2014-0472
    - Caching of anonymous pages could reveal CSRF token
    - CVE-2014-0473
    - MySQL typecasting could result in unexpected matches
    - CVE-2014-0474
  * Drop patches 07_translation_encoding_fix and ticket21869.diff; merged
    upstream

 -- Luke Faraone <email address hidden> Mon, 21 Apr 2014 16:47:14 -0700

Changed in python-django (Ubuntu):
status: New → Fix Released