Changelog
python-django (1:1.11.10-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/patches/pymysql-replacement.patch: Use pymysql as drop-in
      replacement for MySQLdb.
    - debian/control: Drop python-mysqldb in favor of python-pymysql.

python-django (1:1.11.10-1) unstable; urgency=medium

  * New upstream security release:
    - CVE-2018-6188: A regression in Django 1.11.8 made
      django.contrib.auth.forms.AuthenticationForm run its
      confirm_login_allowed() method even if an incorrect password is entered.
      This can leak information about a user, depending on what messages
      confirm_login_allowed() raises. If confirm_login_allowed() isn't
      overridden, an attacker can enter an arbitrary username and see if that
      user has been set to is_active=False. If confirm_login_allowed() is
      overridden, more sensitive details could be leaked.
  * Use HTTPS "Format" URI in debian/copyright.

 -- Steve Langasek <email address hidden>  Fri, 23 Feb 2018 11:56:40 -0800
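As an added illustration of the CVE-2018-6188 entry above (not Django's code and not part of this changelog), the following pure-Python model puts the regressed AuthenticationForm.clean() flow beside the fixed one; the user table, passwords and error strings are constructed for the demo:

```python
# Added illustration of CVE-2018-6188, not Django's own code: a pure-Python
# model of AuthenticationForm.clean() before and after the 1.11.10 fix.
# The user table, passwords and messages are constructed for the demo.

USERS = {  # username -> (password, is_active); plaintext only in this toy model
    "alice": ("correct-horse", True),
    "bob": ("battery-staple", False),
}

def authenticate(username, password):
    """Return the username only if the password matches, like authenticate()."""
    entry = USERS.get(username)
    if entry is not None and entry[0] == password:
        return username
    return None

def confirm_login_allowed(username):
    """Default hook: rejects inactive users with a message distinct from
    the generic invalid-login one."""
    if not USERS[username][1]:
        raise ValueError("inactive")

def clean_regressed(username, password):
    """Django 1.11.8/1.11.9 flow: on password failure the user is looked up by
    name and the hook still runs, so its message reveals is_active."""
    user = authenticate(username, password)
    if user is None:
        if username in USERS:
            confirm_login_allowed(username)  # runs with the password unverified
        raise ValueError("invalid_login")
    confirm_login_allowed(user)
    return user

def clean_fixed(username, password):
    """Django 1.11.10 flow: the hook runs only after the password is verified,
    so every failed attempt yields the same message."""
    user = authenticate(username, password)
    if user is None:
        raise ValueError("invalid_login")
    confirm_login_allowed(user)
    return user

def login_error(clean, username, password):
    """Return the message a login attempt would display, or None on success."""
    try:
        clean(username, password)
    except ValueError as exc:
        return str(exc)
    return None
```

With the regressed flow a wrong password for an inactive account yields "inactive" while a nonexistent account yields "invalid_login"; the fixed flow returns "invalid_login" for both, so the responses no longer distinguish the two cases.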