This bug was fixed in the package python-django - 1.6.5-1 Sponsored for Andrew Starr-Bochicchio (andrewsomething)
--------------- python-django (1.6.5-1) unstable; urgency=high * New upstream security release. - Caches may be allowed to store and serve private data (CVE-2014-1418) - Malformed URLs from user input incorrectly validated * Drop partial_functions_reverse.patch (merged upstream). -- Raphaƫl Hertzog <hert...@debian.org> Wed, 14 May 2014 22:49:59 +0200 python-django (1.6.3-2) unstable; urgency=high * Fix regression of reverse() and partial views. (LP: #1311433) Thanks Preston Timmons. -- Luke Faraone <lfara...@debian.org> Tue, 22 Apr 2014 20:44:18 -0700 python-django (1.6.3-1) unstable; urgency=high * New upstream security release. - Unexpected code execution using ``reverse()`` - CVE-2014-0472 - Caching of anonymous pages could reveal CSRF token - CVE-2014-0473 - MySQL typecasting could result in unexpected matches - CVE-2014-0474 * Drop patches 07_translation_encoding_fix and ticket21869.diff; merged upstream -- Luke Faraone <lfara...@debian.org> Mon, 21 Apr 2014 16:47:14 -0700 ** Changed in: python-django (Ubuntu) Status: New => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-0472 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-0473 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-0474 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-1418 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1323929 Title: Sync python-django 1.6.5-1 (main) from Debian sid (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1323929/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs