This bug was fixed in the package python-django - 1.4.5-1ubuntu0.1

---------------
python-django (1.4.5-1ubuntu0.1) raring-security; urgency=low

  * SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
    - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
      in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
      django/contrib/auth/tests/hashers.py.
    - CVE-2013-1443
  * SECURITY UPDATE: directory traversal with ssi template tag
    - debian/patches/CVE-2013-4315.patch: properly check absolute path in
      django/template/defaulttags.py,
      tests/regressiontests/templates/tests.py.
    - CVE-2013-4315
  * SECURITY UPDATE: possible XSS via is_safe_url
    - debian/patches/security-is_safe_url.patch: properly reject URLs which
      specify a scheme other than HTTP or HTTPS.
    - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
    - No CVE number
  * debian/patches/fix-validation-tests.patch: fix regression in tests since
    example.com is now available via https.

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Fri, 20 Sep 2013 08:48:09 -0400

https://bugs.launchpad.net/bugs/1225784

Title:
  CVE-2013-1443 denial-of-service via large passwords
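
An added illustration of the first changelog item (not the Django or Ubuntu patch itself): a maximum password length enforced before the expensive hash, on both the create and the verify path. `MAX_PASSWORD_LENGTH`, `ITERATIONS` and every function name here are assumptions made for this example.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_LENGTH = 4096  # assumed limit for this example; the changelog states none
ITERATIONS = 10000          # assumed work factor for this example
_kdf_calls = 0              # counts expensive hash runs so the effect is observable


class PasswordTooLong(ValueError):
    """Raised when a new password exceeds MAX_PASSWORD_LENGTH."""


def kdf_call_count():
    return _kdf_calls


def _kdf(password, salt):
    # The KDF has to process the whole password, so an unbounded input lets
    # the client decide how much work the server does per login attempt.
    global _kdf_calls
    _kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_password(password):
    # Form/registration path: refuse to create a hash for over-length input.
    if len(password) > MAX_PASSWORD_LENGTH:
        raise PasswordTooLong("password exceeds maximum length")
    salt = os.urandom(16)
    return salt.hex() + "$" + _kdf(password, salt).hex()


def check_password(password, encoded):
    # Login path: an over-length password can never match a stored hash,
    # because make_password() never creates one, so reject it without hashing.
    if len(password) > MAX_PASSWORD_LENGTH:
        return False
    salt_hex, digest_hex = encoded.split("$", 1)
    candidate = _kdf(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate.hex(), digest_hex)
```

The check belongs in the hasher as well as in the form, as the changelog's file list suggests, because not every caller reaches the hasher through a form.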