Format: 1.8
Date: Sun, 24 Feb 2013 16:08:14 +0100
Source: python-django
Binary: python-django python-django-doc
Architecture: source all
Version: 1.2.3-3+squeeze5
Distribution: stable-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Raphaël Hertzog <hertzog@debian.org>
Description:
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Closes: 696535 701186
Changes:
 python-django (1.2.3-3+squeeze5) stable-security; urgency=high
 .
   * Stable security upload:
     https://www.djangoproject.com/weblog/2013/feb/19/security/
     https://www.djangoproject.com/weblog/2012/dec/10/security/
     Fixes multiple security issues:
     - Further fixes for Host header poisoning. CVE-2012-4520
     - XML attacks via entity expansion. CVE-2013-1665
     - Data leakage via admin history log. CVE-2013-0305
     - Formset denial-of-service. CVE-2013-0306
     - Redirect poisoning.
   * Backport all the upstream security patches:
     - debian/patches/20_fix_get_host.diff
     - debian/patches/21_fix_redirect_poisoning.diff
     - debian/patches/22_add_allowed_hosts.diff
     - debian/patches/23_restrict_xml_deserializer.diff
     - debian/patches/24_check_perms_admin_history_view.diff
     - debian/patches/25_limit_number_of_forms_in_formset.diff
     Closes: #701186, #696535