Ubuntu
python-django package

  1. Bug #1031733
  2. Comment #13

Comment 13 for bug 1031733

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-django - 1.2.5-1ubuntu1.2

---------------
python-django (1.2.5-1ubuntu1.2) natty-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting in authentication views
    (LP: #1031733)
    - debian/patches/16_fix_cross_site_scripting_in_authentication.diff:
      fix unsafe redirects indjango/http/__init__.py, add test case to
      tests/regressiontests/httpwrappers/tests.py. Patch backport taken
      from Debian Squeeze and fixed for python 2.4 compatibility.
    - CVE-2012-3442
  * SECURITY UPDATE: Denial-of-service in image validation (LP: #1031733)
    - debian/patches/17_fix_dos_in_image_validation.diff: call verify()
      immediately after the constructor in django/forms/fields.py.
    - CVE-2012-3443
  * SECURITY UPDATE: Denial-of-service via get_image_dimensions()
    (LP: #1031733)
    - debian/patches/18_fix_dos_via_get_image_dimensions.diff: don't limit
      chunk size in django/core/files/images.py.
    - CVE-2012-3444
 -- Marc Deslauriers <email address hidden> Thu, 06 Sep 2012 09:39:29 -0400