Accepted python-django 1.2.3-3+squeeze5 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 24 Feb 2013 16:08:14 +0100
Source: python-django
Binary: python-django python-django-doc
Architecture: source all
Version: 1.2.3-3+squeeze5
Distribution: stable-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Raphaël Hertzog <hertzog@debian.org>
Description:
python-django - High-level Python web development framework
python-django-doc - High-level Python web development framework (documentation)
Closes: 696535 701186
Changes:
python-django (1.2.3-3+squeeze5) stable-security; urgency=high
.
* Stable security upload:
https://www.djangoproject.com/weblog/2013/feb/19/security/
https://www.djangoproject.com/weblog/2012/dec/10/security/
Fixes multiple security issues:
- Further fixes for Host header poisoning. CVE-2012-4520
- XML attacks via entity expansion. CVE-2013-1665
- Data leakage via admin history log. CVE-2013-0305
- Formset denial-of-service. CVE-2013-0306
- Redirect poisoning.
* Backport all the upstream security patches:
- debian/patches/20_fix_get_host.diff
- debian/patches/21_fix_redirect_poisoning.diff
- debian/patches/22_add_allowed_hosts.diff
- debian/patches/23_restrict_xml_deserializer.diff
- debian/patches/24_check_perms_admin_history_view.diff
- debian/patches/25_limit_number_of_forms_in_formset.diff
Closes: #701186, #696535
Checksums-Sha1:
a4f42ef815b135dbf1042f716176ca5a57616db6 2214 python-django_1.2.3-3+squeeze5.dsc
640f68aede24ba2a551b8df250b95c433529c59c 42360 python-django_1.2.3-3+squeeze5.debian.tar.gz
563c0bc0f7db517eacce9eea950224d86ae46fa0 4221694 python-django_1.2.3-3+squeeze5_all.deb
27280ed48bfbecabcf11cfae907a82f2e402dbc0 1894256 python-django-doc_1.2.3-3+squeeze5_all.deb
Checksums-Sha256:
687331ff1b155d173c9a6c2b007de511e82d33037f10d42bb0c1e07a5f073f45 2214 python-django_1.2.3-3+squeeze5.dsc
48141b4a6dd8658a70c38cc121150c6820a4e94f300780811345c9ea122f9745 42360 python-django_1.2.3-3+squeeze5.debian.tar.gz
051594c912a37a83b6ade6cf7d2220b384e43948f9ee1c9da9d91d00fbf31d64 4221694 python-django_1.2.3-3+squeeze5_all.deb
9a53b14aa03ad16ac22e942c2ae7dd8f47d59d210bdf3855342efbcee9adeaf9 1894256 python-django-doc_1.2.3-3+squeeze5_all.deb
Files:
b05ebf26e797b17186d01f1ec5949a69 2214 python optional python-django_1.2.3-3+squeeze5.dsc
9abd6f6c22823b72b7dcc19895191d14 42360 python optional python-django_1.2.3-3+squeeze5.debian.tar.gz
266ee387a3f40ec3c5fa9c4e48d62974 4221694 python optional python-django_1.2.3-3+squeeze5_all.deb
17781f4fff60bf76d08397c7375fa75b 1894256 doc optional python-django-doc_1.2.3-3+squeeze5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Signed by Raphael Hertzog
-----END PGP SIGNATURE-----