[Python-modules-commits] [python-django] branch debian/jessie-updates updated (fbf92fb -> 7235b53)

Raphaël Hertzog hertzog at moszumanska.debian.org
Mon Jul 25 07:57:01 UTC 2016 

This is an automated email from the git hooks/post-receive script.

hertzog pushed a change to branch debian/jessie-updates
in repository python-django.

      from  fbf92fb   Add links to release notes
      adds  e060f68   Disable creation of _sources directory by Sphinx
      adds  cfa3b0d   Update manual page to refer to django-admin instead of django-admin.py
      adds  1dc4e2c   Use Debian GeoIP database path as default
      adds  d8c9fc0   newlines-1.7.x.diff
      adds  94fe77a   session-1.7.x.diff
      adds  24a5915   session-store-1.7.x.diff
      adds  addba51   Import python-django_1.7.7-1%2Bdeb8u2.dsc
      adds  62a137b   Import python-django 1.7.7-1+deb8u2
      adds  9862883   date-leak-1.7.diff
      adds  5d3cf37   Import python-django_1.7.7-1%2Bdeb8u3.dsc
      adds  f820494   Import python-django 1.7.7-1+deb8u3
      adds  c58b975   CVE-2016-2512: Prevented spoofing is_safe_url() with basic auth
      adds  326852b   is_safe_url() crashes with a byestring URL on Python 2
      adds  a471ae7   CVE-2016-2513: Fixed user enumeration timing attack during login
      adds  26465e7   Import python-django_1.7.7-1%2Bdeb8u4.dsc
      adds  5285f0d   Import python-django 1.7.7-1+deb8u4
      adds  eda2ca8   CVE-2016-6186: Fixed XSS in admin's add/change related popup.
      adds  cf9ccf6   Import python-django_1.7.7-1%2Bdeb8u5.dsc
      adds  4eee5af   Import python-django 1.7.7-1+deb8u5
       new  a6c7a94   Merge branch 'debian/jessie' into debian/jessie-updates
       new  c994e4a   Disable creation of _sources directory by Sphinx
       new  7c0f2ff   Update manual page to refer to django-admin instead of django-admin.py
       new  e06be82   Use Debian GeoIP database path as default
       new  ce819b2   CVE-2016-2512: Prevented spoofing is_safe_url() with basic auth
       new  41e37f8   is_safe_url() crashes with a byestring URL on Python 2
       new  22de96c   CVE-2016-2513: Fixed user enumeration timing attack during login
       new  39cf1a3   CVE-2016-6186: Fixed XSS in admin's add/change related popup.
       new  def4d87   merge debian/patched-jessie-updates into debian/jessie-updates
       new  7235b53   Prepare for release

The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/.git-dpm                                    |   4 +-
 debian/changelog                                   |  37 +-
 debian/control                                     |   1 +
 ...creation-of-_sources-directory-by-Sphinx.patch} |   6 +-
 ...l-page-to-refer-to-django-admin-instead-.patch} |   6 +-
 ...se-Debian-GeoIP-database-path-as-default.patch} |   6 +-
 ...12-Prevented-spoofing-is_safe_url-with-ba.patch |  67 ++++
 ...-crashes-with-a-byestring-URL-on-Python-2.patch |  61 ++++
 ...13-Fixed-user-enumeration-timing-attack-d.patch | 395 +++++++++++++++++++++
 ...86-Fixed-XSS-in-admin-s-add-change-relate.patch |  72 ++++
 debian/patches/series                              |  10 +-
 django/contrib/auth/hashers.py                     |  77 ++--
 django/contrib/auth/tests/test_hashers.py          |  60 ++++
 django/utils/http.py                               |  13 +-
 django/views/debug.py                              |   4 +-
 docs/topics/auth/passwords.txt                     | 113 ++++++
 tests/admin_views/admin.py                         |   3 +-
 tests/admin_views/models.py                        |   4 +
 tests/utils_tests/test_http.py                     |  25 ++
 19 files changed, 921 insertions(+), 43 deletions(-)
 rename debian/patches/{02_disable-sources-in-sphinxdoc.diff => 0001-Disable-creation-of-_sources-directory-by-Sphinx.patch} (85%)
 rename debian/patches/{03_manpage.diff => 0002-Update-manual-page-to-refer-to-django-admin-instead-.patch} (87%)
 rename debian/patches/{06_use_debian_geoip_database_as_default.diff => 0003-Use-Debian-GeoIP-database-path-as-default.patch} (95%)
 create mode 100644 debian/patches/0004-CVE-2016-2512-Prevented-spoofing-is_safe_url-with-ba.patch
 create mode 100644 debian/patches/0005-is_safe_url-crashes-with-a-byestring-URL-on-Python-2.patch
 create mode 100644 debian/patches/0006-CVE-2016-2513-Fixed-user-enumeration-timing-attack-d.patch
 create mode 100644 debian/patches/0007-CVE-2016-6186-Fixed-XSS-in-admin-s-add-change-relate.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-django.git

More information about the Python-modules-commits mailing list