Package: python-django / 1.7.11-1+deb8u3
Metadata
Package | Version | Patches format |
---|---|---|
python-django | 1.7.11-1+deb8u3 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
0001 Disable creation of _sources directory by Sphinx.patch | docs/conf.py: 5 4 + 1 - 0 ! | Disable creation of _sources directory by Sphinx. We do this to save some space as the sources of the documentation are not really useful in a binary package. This is a Debian specific patch. |
0002 Update manual page to refer to django admin instead .patch | docs/man/django-admin.1: 6 3 + 3 - 0 ! | Update manual page to refer to django-admin instead of django-admin.py. Update the manual page to speak of django-admin instead of django-admin.py as that's the name used by the Debian package. This is a Debian specific patch. |
0003 Use Debian GeoIP database path as default.patch | django/contrib/gis/geoip/base.py: 19 10 + 9 - 0 ! | Use Debian GeoIP database path as default. Default to Debian standard path for GeoIP directory and for GeoIP city file. Avoids the need to declare them in each project. This is a Debian specific patch. Bug-Debian: http://bugs.debian.org/645094 |
0004 CVE 2016 2512 Prevented spoofing is_safe_url with ba.patch | django/utils/http.py: 8 6 + 2 - 0 ! | CVE-2016-2512: Prevented spoofing is_safe_url() with basic auth |
0005 is_safe_url crashes with a byestring URL on Python 2.patch | django/utils/http.py: 5 5 + 0 - 0 ! | is_safe_url() crashes with a bytestring URL on Python 2 |
0006 CVE 2016 2513 Fixed user enumeration timing attack d.patch | django/contrib/auth/hashers.py: 77 57 + 20 - 0 ! | CVE-2016-2513: Fixed user enumeration timing attack during login |
0007 CVE 2016 6186 Fixed XSS in admin s add change relate.patch | django/views/debug.py: 4 2 + 2 - 0 ! | CVE-2016-6186: Fixed XSS in admin's add/change related popup. |
0008 1.8.x Fixed CVE 2016 7401 Fixed CSRF protection bypa.patch | django/http/cookie.py: 29 16 + 13 - 0 ! | [1.8.x] Fixed CVE-2016-7401 -- Fixed CSRF protection bypass on a site with Google Analytics. This is a security fix. Backport of "refs #26158 -- rewrote http.parse_cookie() to better match browsers." 93a135d111c2569d88d65a3f4ad9e6d9ad291452 from master |
0009 Fixed 27912 CVE 2017 7233 Fixed is_safe_url with num.patch | django/utils/http.py: 66 65 + 1 - 0 ! | Fixed #27912, CVE-2017-7233 -- Fixed is_safe_url() with numeric URLs. This is a security fix. |
0010 Fixed CVE 2017 7234 Fixed open redirect vulnerabilit.patch | django/views/static.py: 23 5 + 18 - 0 ! | Fixed CVE-2017-7234 -- Fixed open redirect vulnerability in views.static.serve(). This is a security fix. |
0011 Fixed CVE 2016 9013 Generated a random database user.patch | django/db/backends/oracle/creation.py: 10 7 + 3 - 0 ! | Fixed CVE-2016-9013 -- Generated a random database user password when running tests on Oracle. This is a security fix. |
0012 Fixed CVE 2016 9014 Validated Host header when DEBUG.patch | django/http/request.py: 9 5 + 4 - 0 ! | Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True. This is a security fix. |
0013 CVE 2018 7536.patch | django/utils/html.py: 18 16 + 2 - 0 ! | Fix CVE-2018-7536 -- DoS in urlize. This is a security fix. |
0014 CVE 2018 7537.patch | django/utils/text.py: 2 1 + 1 - 0 ! | Fix CVE-2018-7537 -- DoS in truncate*_html. This is a security fix. |