subject:"\[Django\] #23601\: Possible side\-imports through admindocs"

Re: [Django] #23601: Possible side-imports through admindocs

2014-10-06 Thread Django

#23601: Possible side-imports through admindocs
---+---
 Reporter:  Markush2010|Owner:  Markush2010
 Type:  Uncategorized  |   Status:  closed
Component:  contrib.admindocs  |  Version:  master
 Severity:  Normal |   Resolution:  fixed
 Keywords:  security   | Triage Stage:  Unreviewed
Has patch:  1  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+---

Comment (by Tim Graham ):

 In [changeset:"c2508990cb53b52783ebb38dc0b5f0ab5d023c76"]:
 {{{
 #!CommitTicketReference repository=""
 revision="c2508990cb53b52783ebb38dc0b5f0ab5d023c76"
 [1.7.x] Fixed #23601 -- Ensured view exists in URLconf before importing it
 in admindocs.

 Backport of 2f16ff5a6c from master
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.d0643691e7b87cfdf25ba0d1f52f767e%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #23601: Possible side-imports through admindocs

2014-10-06 Thread Django

#23601: Possible side-imports through admindocs
---+---
 Reporter:  Markush2010|Owner:  Markush2010
 Type:  Uncategorized  |   Status:  closed
Component:  contrib.admindocs  |  Version:  master
 Severity:  Normal |   Resolution:  fixed
 Keywords:  security   | Triage Stage:  Unreviewed
Has patch:  1  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+---

Comment (by Tim Graham ):

 In [changeset:"51165401be3e9d084c6a3ebb99246e5bb29bb752"]:
 {{{
 #!CommitTicketReference repository=""
 revision="51165401be3e9d084c6a3ebb99246e5bb29bb752"
 Moved release note for refs #23601 to 1.7.1.
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.6c10179f7c16f1c686781082eefcdc2f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #23601: Possible side-imports through admindocs

2014-10-06 Thread Django

#23601: Possible side-imports through admindocs
---+---
 Reporter:  Markush2010|Owner:  Markush2010
 Type:  Uncategorized  |   Status:  closed
Component:  contrib.admindocs  |  Version:  master
 Severity:  Normal |   Resolution:  fixed
 Keywords:  security   | Triage Stage:  Unreviewed
Has patch:  1  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+---
Changes (by Tim Graham ):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"2f16ff5a6cbd71fc6c50e88e4087f3657222e90e"]:
 {{{
 #!CommitTicketReference repository=""
 revision="2f16ff5a6cbd71fc6c50e88e4087f3657222e90e"
 Fixed #23601 -- Ensured view exists in URLconf before importing it in
 admindocs.
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.808e168a68da0613292d31f18a26b2c1%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #23601: Possible side-imports through admindocs

2014-10-04 Thread Django

#23601: Possible side-imports through admindocs
---+---
 Reporter:  Markush2010|Owner:  Markush2010
 Type:  Uncategorized  |   Status:  assigned
Component:  contrib.admindocs  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords:  security   | Triage Stage:  Unreviewed
Has patch:  1  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+---
Changes (by Markush2010):

 * status:  new => assigned
 * needs_better_patch:   => 0
 * has_patch:  0 => 1
 * needs_tests:   => 0
 * needs_docs:   => 0


Comment:

 Pull-request: https://github.com/django/django/pull/3305

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.1f73df39d359d53a44a478c39781afc7%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

[Django] #23601: Possible side-imports through admindocs

2014-10-04 Thread Django

#23601: Possible side-imports through admindocs
---+-
 Reporter:  Markush2010|  Owner:  Markush2010
 Type:  Uncategorized  | Status:  new
Component:  contrib.admindocs  |Version:  master
 Severity:  Normal |   Keywords:  security
 Triage Stage:  Unreviewed |  Has patch:  0
Easy pickings:  0  |  UI/UX:  0
---+-
 The `ViewDetailView` from `django.contrib.admindocs` allows arbitrary
 imports via user input. However, due to required permissions to open that
 page this threat is not that high.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/054.fc419208801a69a74e73a6a2efca22df%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #23601: Possible side-imports through admindocs

Re: [Django] #23601: Possible side-imports through admindocs

Re: [Django] #23601: Possible side-imports through admindocs

Re: [Django] #23601: Possible side-imports through admindocs

[Django] #23601: Possible side-imports through admindocs

5 matches

Site Navigation

Mail list logo

Footer information