This bug was fixed in the package python-django - 1.1.1-2ubuntu1.5
---------------
python-django (1.1.1-2ubuntu1.5) lucid-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting in authentication views
    (LP: #1031733)
    - debian/patches/16_fix_cross_site_scripting_in_authentication.diff:
      fix unsafe redirects in django/http/__init__.py. Patch backported from
      Debian Squeeze and fixed for python 2.4 compatibility.
    - CVE-2012-3442
  * SECURITY UPDATE: Denial-of-service in image validation (LP: #1031733)
    - debian/patches/17_fix_dos_in_image_validation.diff: call verify()
      immediately after the constructor in django/forms/fields.py.
    - CVE-2012-3443
  * SECURITY UPDATE: Denial-of-service via get_image_dimensions()
    (LP: #1031733)
    - debian/patches/18_fix_dos_via_get_image_dimensions.diff: don't limit
      chunk size in django/core/files/images.py.
    - CVE-2012-3444

 -- Marc Deslauriers <email address hidden>  Thu, 06 Sep 2012 09:56:37 -0400