[Python-modules-team] python-django_1.10.7-1_amd64.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Apr 4 16:19:06 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 04 Apr 2017 17:53:30 +0200
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Built-For-Profiles: nocheck
Architecture: source
Version: 1:1.10.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby at debian.org>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Closes: 859515 859516
Changes:
python-django (1:1.10.7-1) unstable; urgency=medium
.
* New upstream security release:
.
- CVE-2017-7233: Open redirect and possible XSS attack via user-supplied
numeric redirect URLs.
.
Django relies on user input in some cases (e.g.
django.contrib.auth.views.login() and i18n) to redirect the user to an
"on success" URL. The security check for these redirects (namely
django.utils.http.is_safe_url()) considered some numeric URLs (e.g.
http:999999999) "safe" when they shouldn't be.
.
Also, if a developer relies on is_safe_url() to provide safe redirect
targets and puts such a URL into a link, they could suffer from an XSS
attack. (Closes: #859515)
.
- CVE-2017-7234: Open redirect vulnerability in django.views.static.serve().
.
A maliciously crafted URL to a Django site using the
django.views.static.serve() view could redirect to any other domain. The
view no longer does any redirects as they don't provide any known,
useful functionality.
.
Note, however, that this view has always carried a warning that it is
not hardened for production use and should be used only as a development
aid. Thanks Phithon Gong for reporting this issue. (Closes: #859516)
Checksums-Sha1:
d406edb4c81726a0b444782d049eb21a771d2a6c 2776 python-django_1.10.7-1.dsc
5edd13a642460c33cdaf8e8166eccf6b2a2555df 7737654 python-django_1.10.7.orig.tar.gz
c0fe41bec64979d747cce197aa1e55e3833b3eb1 25376 python-django_1.10.7-1.debian.tar.xz
11694d5548b43df4ff6ffad4b413fe1224bb1ff4 8723 python-django_1.10.7-1_amd64.buildinfo
Checksums-Sha256:
e16cb37402b30421fecc2241e51c148cdedb724312c5c669cd703078cce1bdb4 2776 python-django_1.10.7-1.dsc
593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 7737654 python-django_1.10.7.orig.tar.gz
a0c646be8d148c8dd00849b7cc712d06267e551f320da39d5e3f58aa3f549f04 25376 python-django_1.10.7-1.debian.tar.xz
81783deada27b44fde2a387e375a139c2c5f61a86d0535b1183a8aa281340354 8723 python-django_1.10.7-1_amd64.buildinfo
Files:
113fb9a8538eff5ce750b8775f8e9b15 2776 python optional python-django_1.10.7-1.dsc
693dfeabad62c561cb205900d32c2a98 7737654 python optional python-django_1.10.7.orig.tar.gz
46c5ed3063181c29f9f280097850bc4a 25376 python optional python-django_1.10.7-1.debian.tar.xz
9a0df9dc3e696e19514347411699da20 8723 python optional python-django_1.10.7-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
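The first entry in the changelog above concerns a redirect-safety check that accepted numeric URLs such as `http:999999999`. As an added example (this is not Django's `is_safe_url()` nor any other project code, and the function name `is_safe_redirect` and the `allowed_hosts` parameter are assumptions of the example), the following Python checker shows one way to classify a user-supplied "next" URL as on-site or off-site before redirecting to it, run over constructed sample inputs that include the numeric URL quoted in the changelog:

```python
import re
import unicodedata

# Explicit scheme at the start of a URL (RFC 3986 scheme syntax). The scheme is
# detected here, before any library parsing, so that a value such as
# "http:999999999" (scheme present, but no "//authority") is classified as an
# absolute URL and rejected, instead of being mistaken for a relative path.
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):(.*)$", re.DOTALL)

_ALLOWED_SCHEMES = ("http", "https")


def _authority(rest):
    """Return the authority part (userinfo@host:port) that precedes the
    first '/', '?' or '#' in the text following '//'."""
    end = len(rest)
    for sep in "/?#":
        idx = rest.find(sep)
        if idx != -1:
            end = min(end, idx)
    return rest[:end]


def _host(authority):
    """Extract the lower-cased host from an authority string, discarding
    any userinfo ("user:pw@") and the port."""
    hostport = authority.rsplit("@", 1)[-1]
    if hostport.startswith("["):  # bracketed IPv6 literal
        return hostport[: hostport.find("]") + 1].lower()
    return hostport.split(":", 1)[0].lower()


def is_safe_redirect(url, allowed_hosts):
    """Return True only if *url* is a relative path on this site or an
    http(s) URL whose host is listed in *allowed_hosts* (hypothetical
    helper; not a drop-in for any framework's own check)."""
    if url is None:
        return False
    url = url.strip()
    if not url:
        return False
    # Browsers skip leading control characters, which can turn an apparently
    # relative URL into a scheme-relative one; reject such input outright.
    if unicodedata.category(url[0])[0] == "C":
        return False
    # Browsers treat backslashes as forward slashes, so normalise first.
    url = url.replace("\\", "/")

    match = _SCHEME_RE.match(url)
    if match:
        scheme, rest = match.group(1).lower(), match.group(2)
        if scheme not in _ALLOWED_SCHEMES:
            return False          # javascript:, data:, mailto:, ...
        if not rest.startswith("//"):
            return False          # http:999999999, http:evil.example, http:/x
        rest = rest[2:]
    elif url.startswith("//"):
        rest = url[2:]            # scheme-relative: //host/path
    else:
        return True               # plain relative path: stays on this site

    host = _host(_authority(rest))
    if not host:
        return False              # e.g. http:///evil.example: empty authority
    return host in {h.lower() for h in allowed_hosts}


if __name__ == "__main__":
    ALLOWED = {"good.example"}
    # Constructed sample redirect targets; "evil.example" and "good.example"
    # are placeholder hosts, and the numeric URL is the one from the changelog.
    samples = [
        "/accounts/profile/",
        "next/page?x=1",
        "https://good.example/next",
        "http:999999999",
        "http:///evil.example",
        "//evil.example/",
        "/\\evil.example",
        "https://good.example@evil.example/",
        "javascript:alert(1)",
        "\x00//evil.example",
    ]
    for sample in samples:
        verdict = "safe" if is_safe_redirect(sample, ALLOWED) else "UNSAFE"
        print(f"{sample!r:45} -> {verdict}")
```

The design choice worth noting is that the absolute-versus-relative decision is made by a scheme regex and an explicit check for the `//` authority marker, not by whatever a general URL parser returns for a scheme followed only by digits; the host comparison then happens only after an authority has actually been found, with userinfo and port stripped so that `good.example@evil.example` is judged by its real host.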