[django/django] 8b93b3: Fixed a remote code execution vulnerabilty in URL ...

Mon, 21 Apr 2014 15:33:17 -0700 

  Branch: refs/heads/master
  Home:   https://github.com/django/django
  Commit: 8b93b31487d6d3b0fcbbd0498991ea0db9088054
      
https://github.com/django/django/commit/8b93b31487d6d3b0fcbbd0498991ea0db9088054
  Author: Tim Graham <timogra...@gmail.com>
  Date:   2014-04-21 (Mon, 21 Apr 2014)

  Changed paths:
    M django/core/urlresolvers.py
    A tests/urlpatterns_reverse/nonimported_module.py
    M tests/urlpatterns_reverse/tests.py
    M tests/urlpatterns_reverse/urls.py
    M tests/urlpatterns_reverse/views.py

  Log Message:
  -----------
  Fixed a remote code execution vulnerabilty in URL reversing.

Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.


  Commit: c083e3815aec23b99833da710eea574e6f2e8566
      
https://github.com/django/django/commit/c083e3815aec23b99833da710eea574e6f2e8566
  Author: Aymeric Augustin <aymeric.augus...@m4x.org>
  Date:   2014-04-21 (Mon, 21 Apr 2014)

  Changed paths:
    M django/middleware/cache.py
    M tests/cache/tests.py

  Log Message:
  -----------
  Prevented leaking the CSRF token through caching.

This is a security fix. Disclosure will follow shortly.


  Commit: 75c0d4ea3ae48970f788c482ee0bd6b29a7f1307
      
https://github.com/django/django/commit/75c0d4ea3ae48970f788c482ee0bd6b29a7f1307
  Author: Erik Romijn <erom...@solidlinks.nl>
  Date:   2014-04-21 (Mon, 21 Apr 2014)

  Changed paths:
    M django/db/models/fields/__init__.py
    M docs/howto/custom-model-fields.txt
    M docs/ref/databases.txt
    M docs/ref/models/querysets.txt
    M docs/topics/db/sql.txt
    M tests/model_fields/tests.py

  Log Message:
  -----------
  Fixed queries that may return unexpected results on MySQL due to typecasting.

This is a security fix; disclosure to follow shortly.


  Commit: c07f3e60c2d455e36ba4ac339d4283d32bbc3814
      
https://github.com/django/django/commit/c07f3e60c2d455e36ba4ac339d4283d32bbc3814
  Author: Erik Romijn <erom...@solidlinks.nl>
  Date:   2014-04-21 (Mon, 21 Apr 2014)

  Changed paths:
    M docs/releases/1.4.11.txt
    M docs/releases/1.5.6.txt
    M docs/releases/1.6.3.txt

  Log Message:
  -----------
  Added information on resolved security issues to release notes.


Compare: https://github.com/django/django/compare/ab90c4707bc8...c07f3e60c2d4

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/53559c9f4ea98_143637d3896672%40hookshot-fe2-cp1-prd.iad.github.net.mail.
For more options, visit https://groups.google.com/d/optout.

Reply via email to