[Python-modules-commits] [python-django] branch debian/jessie updated (5446035 -> 0bae771)
Luke Faraone
lfaraone at moszumanska.debian.org
Sat Oct 29 20:54:09 UTC 2016
This is an automated email from the git hooks/post-receive script.
lfaraone pushed a change to branch debian/jessie
in repository python-django.
from 5446035 Merge remote-tracking branch 'origin/debian/jessie-updates' into debian/jessie
new 042bc6e Disable creation of _sources directory by Sphinx
new c39958a Update manual page to refer to django-admin instead of
new 83d5383 Use Debian GeoIP database path as default
new d6b0e58 CVE-2016-2512: Prevented spoofing is_safe_url() with basic auth
new 3ac6c8e is_safe_url() crashes with a byestring URL on Python 2
new 9b29044 CVE-2016-2513: Fixed user enumeration timing attack during login
new 5f8334e CVE-2016-6186: Fixed XSS in admin's add/change related popup.
new b66a3bc Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site
new 91d05e9 Import python-django_1.7.11-1+deb8u1.dsc
new 0bae771 Import python-django 1.7.11-1+deb8u1
The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
debian/.git-dpm | 4 +-
debian/changelog | 7 +
...-CVE-2016-7401-Fixed-CSRF-protection-bypa.patch | 153 +++++++++++++++++++++
debian/patches/series | 1 +
django/http/cookie.py | 29 ++--
tests/httpwrappers/tests.py | 50 ++++++-
tests/requests/tests.py | 5 +-
7 files changed, 229 insertions(+), 20 deletions(-)
create mode 100644 debian/patches/0008-1.8.x-Fixed-CVE-2016-7401-Fixed-CSRF-protection-bypa.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-django.git
More information about the Python-modules-commits
mailing list