tag 775375 pending
thanks

Hello,

Bug #775375 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=python-modules/packages/python-django.git;a=commitdiff;h=3f5c481

---
commit 3f5c481b72dac398ca22b6d44a0479f199f961c4
Merge: d87b702 b89ad8c
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Wed Jan 28 21:48:59 2015 +0100

    Merge remote-tracking branch 'origin/debian/wheezy-lfaraone' into debian/wheezy
    
    Integrate the 1.4.5-1+deb7u8 upload of Luke Faraone that somehow got lost
    in this branch.
    
    Conflicts:
        debian/changelog
        debian/patches/series

diff --cc debian/changelog
index 2c59f9d,38a8623..ab3f283
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,16 -1,13 +1,27 @@@
- python-django (1.4.5-1+deb7u8) stable-security; urgency=medium
++python-django (1.4.5-1+deb7u9) wheezy-security; urgency=high
 +
 +  * New upstream security release:
 +    https://www.djangoproject.com/weblog/2015/jan/13/security/
 +    - WSGI header spoofing via underscore/dash conflation (CVE-2015-0219)
 +    - Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220)
 +    - Denial-of-service attack against django.views.static.serve
 +      (CVE-2015-0221)
++    Closes: #775375
 +  * Also include a fix for a regression introduced by the patch for
 +    CVE-2015-0221: https://code.djangoproject.com/ticket/24158
 +
 + -- Raphaël Hertzog <hert...@debian.org>  Wed, 28 Jan 2015 10:24:59 +0100
 +
+ python-django (1.4.5-1+deb7u8) wheezy-security; urgency=high
+ 
+   * New upstream security release.
 -    - reverse() can generate URLs pointing to other hosts (CVE-2014-0480)     
                                                                                
                                                     
 -    - file upload denial of service (CVE-2014-0481)                           
                                                                                
                                                     
 -    - RemoteUserMiddleware session hijacking (CVE-2014-0482)                  
                                                                                
                                                     
++    - reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
++    - file upload denial of service (CVE-2014-0481)
++    - RemoteUserMiddleware session hijacking (CVE-2014-0482)
+     - data leakage via querystring manipulation in admin (CVE-2014-0483)   
+ 
+  -- Luke Faraone <lfara...@debian.org>  Wed, 20 Aug 2014 01:46:17 -0700
+ 
  python-django (1.4.5-1+deb7u7) stable-security; urgency=high
  
    * New upstream security release.
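
Review bot: The resolved top entry (`++python-django (1.4.5-1+deb7u9) wheezy-security; urgency=high`) changes more than the conflict requires. Compared with the `python-django (1.4.5-1+deb7u8) stable-security; urgency=medium` header it replaces, the version, the distribution and the urgency all differ, and a `Closes: #775375` line is added, yet the merge message only says it integrates the lost 1.4.5-1+deb7u8 upload. Because these edits exist only in the merge resolution, they are easy to miss when reading the history; I would either mention the renumbering, the urgency bump and the bug closure in the merge message, or do a plain merge and make them in a follow-up commit. Minor style point: the `CVE-2014-0483` line still carries trailing whitespace, while the three CVE lines above it were cleaned up in this same resolution.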

