Package: python-django / 1.7.11-1+deb8u3

Metadata

Package        Version           Patches format
python-django  1.7.11-1+deb8u3   3.0 (quilt)

Patch series

Patch File delta Description
0001 Disable creation of _sources directory by Sphinx.patch

docs/conf.py | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 disable creation of _sources directory by sphinx

 We do this to save some space as the sources of the documentation
 are not really useful in a binary package.
 .
 This is a Debian specific patch.
0002 Update manual page to refer to django admin instead .patch

docs/man/django-admin.1 | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 update manual page to refer to django-admin instead of django-admin.py

 Update the manual page to speak of django-admin instead of
 django-admin.py as that's the name used by the Debian package.
 .
 This is a Debian specific patch.
0003 Use Debian GeoIP database path as default.patch

django/contrib/gis/geoip/base.py | 19 10 + 9 - 0 !
1 file changed, 10 insertions(+), 9 deletions(-)

 use debian geoip database path as default

 Default to Debian standard path for GeoIP directory and for GeoIP city
 file. Avoids the need to declare them in each project.
 .
 This is a Debian specific patch.
Bug-Debian: http://bugs.debian.org/645094
0004 CVE 2016 2512 Prevented spoofing is_safe_url with ba.patch

django/utils/http.py | 8 6 + 2 - 0 !
tests/utils_tests/test_http.py | 12 12 + 0 - 0 !
2 files changed, 18 insertions(+), 2 deletions(-)

 cve-2016-2512: prevented spoofing is_safe_url() with basic auth

0005 is_safe_url crashes with a byestring URL on Python 2.patch

django/utils/http.py | 5 5 + 0 - 0 !
tests/utils_tests/test_http.py | 13 13 + 0 - 0 !
2 files changed, 18 insertions(+)

 is_safe_url() crashes with a bytestring url on python 2

0006 CVE 2016 2513 Fixed user enumeration timing attack d.patch

django/contrib/auth/hashers.py | 77 57 + 20 - 0 !
django/contrib/auth/tests/test_hashers.py | 60 60 + 0 - 0 !
docs/topics/auth/passwords.txt | 113 113 + 0 - 0 !
3 files changed, 230 insertions(+), 20 deletions(-)

 cve-2016-2513: fixed user enumeration timing attack during login

0007 CVE 2016 6186 Fixed XSS in admin s add change relate.patch

django/views/debug.py | 4 2 + 2 - 0 !
tests/admin_views/admin.py | 3 2 + 1 - 0 !
tests/admin_views/models.py | 4 4 + 0 - 0 !
3 files changed, 8 insertions(+), 3 deletions(-)

 cve-2016-6186: fixed xss in admin's add/change related popup.

0008 1.8.x Fixed CVE 2016 7401 Fixed CSRF protection bypa.patch

django/http/cookie.py | 29 16 + 13 - 0 !
tests/httpwrappers/tests.py | 50 49 + 1 - 0 !
tests/requests/tests.py | 5 1 + 4 - 0 !
3 files changed, 66 insertions(+), 18 deletions(-)

 [1.8.x] fixed cve-2016-7401 -- fixed csrf protection bypass on a site with Google Analytics.

This is a security fix.

Backport of "refs #26158 -- rewrote http.parse_cookie() to better match
browsers." 93a135d111c2569d88d65a3f4ad9e6d9ad291452 from master

0009 Fixed 27912 CVE 2017 7233 Fixed is_safe_url with num.patch

django/utils/http.py | 66 65 + 1 - 0 !
tests/utils_tests/test_http.py | 5 4 + 1 - 0 !
2 files changed, 69 insertions(+), 2 deletions(-)

 fixed #27912, cve-2017-7233 -- fixed is_safe_url() with numeric urls.
 This is a security fix.


0010 Fixed CVE 2017 7234 Fixed open redirect vulnerabilit.patch

django/views/static.py | 23 5 + 18 - 0 !
1 file changed, 5 insertions(+), 18 deletions(-)

 fixed cve-2017-7234 -- fixed open redirect vulnerability in
 views.static.serve(). This is a security fix.


0011 Fixed CVE 2016 9013 Generated a random database user.patch

django/db/backends/oracle/creation.py | 10 7 + 3 - 0 !
docs/ref/settings.txt | 7 6 + 1 - 0 !
2 files changed, 13 insertions(+), 4 deletions(-)

 fixed cve-2016-9013 -- generated a random database user password when
 running tests on Oracle.

This is a security fix.

0012 Fixed CVE 2016 9014 Validated Host header when DEBUG.patch

django/http/request.py | 9 5 + 4 - 0 !
docs/ref/settings.txt | 11 8 + 3 - 0 !
tests/requests/tests.py | 29 15 + 14 - 0 !
3 files changed, 28 insertions(+), 21 deletions(-)

 fixed cve-2016-9014 -- validated host header when debug=true.

This is a security fix.

0013 CVE 2018 7536.patch

django/utils/html.py | 18 16 + 2 - 0 !
tests/utils_tests/test_html.py | 8 8 + 0 - 0 !
2 files changed, 24 insertions(+), 2 deletions(-)

 fix cve-2018-7536 -- dos in urlize

This is a security fix.

0014 CVE 2018 7537.patch

django/utils/text.py | 2 1 + 1 - 0 !
tests/utils_tests/test_text.py | 4 4 + 0 - 0 !
2 files changed, 5 insertions(+), 1 deletion(-)

 fix cve-2018-7537 -- dos in truncate*_html

This is a security fix.