-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 28 Jan 2015 10:24:59 +0100 Source: python-django Binary: python-django python-django-doc Architecture: source all Version: 1.4.5-1+deb7u9 Distribution: wheezy-security Urgency: high Maintainer: Chris Lamb <lamby@debian.org> Changed-By: Raphaël Hertzog <hertzog@debian.org> Description: python-django - High-level Python web development framework python-django-doc - High-level Python web development framework (documentation) Closes: 775375 Changes: python-django (1.4.5-1+deb7u9) wheezy-security; urgency=high . * New upstream security release: https://www.djangoproject.com/weblog/2015/jan/13/security/ - WSGI header spoofing via underscore/dash conflation (CVE-2015-0219) - Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220) - Denial-of-service attack against django.views.static.serve (CVE-2015-0221) Closes: #775375 * Also include a fix for a regression introduced by the patch for CVE-2015-0221: https://code.djangoproject.com/ticket/24158 Checksums-Sha1: c8c1760f38e043f5ad67871a8cf1d39086327026 1928 python-django_1.4.5-1+deb7u9.dsc 72e7794a049795d2a16bfa070336046276e17544 53052 python-django_1.4.5-1+deb7u9.debian.tar.gz a865f776c70540e8af70316299946d437473a134 5398024 python-django_1.4.5-1+deb7u9_all.deb 9cd42699ef94932983c537d3d2ae39cf59a44b03 2436772 python-django-doc_1.4.5-1+deb7u9_all.deb Checksums-Sha256: c5f3ac951c2ab826259684a57ea745b72aba073dc1002b2071e77641128ac9ac 1928 python-django_1.4.5-1+deb7u9.dsc bdd28da574424d333b7797e4bb8cb4f27a11e4c201decd8d10b189c0e35b9258 53052 python-django_1.4.5-1+deb7u9.debian.tar.gz 3734fe7cebccdf651098997ac8c9f76df49cc8d2585de232e3ed3ce232bf1565 5398024 python-django_1.4.5-1+deb7u9_all.deb ec7b1ed7b77932e54244a2e71463213a52587eff043114c5fe779258663d9b1c 2436772 python-django-doc_1.4.5-1+deb7u9_all.deb Files: 2a628d741213ad706a136698fc9f3334 1928 python optional python-django_1.4.5-1+deb7u9.dsc 5a169beef36a78db87c87e26fdc5df10 53052 python optional python-django_1.4.5-1+deb7u9.debian.tar.gz f56d65e6f8d01e06003ddbde3a8b82b3 5398024 python optional python-django_1.4.5-1+deb7u9_all.deb 16fcc053ace64ba0af18540d5de46af6 2436772 doc optional python-django-doc_1.4.5-1+deb7u9_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Signed by Raphael Hertzog iQEcBAEBCAAGBQJUyVshAAoJEAOIHavrwpq5hkMH/2hwFx8C7RDqPIZ4Sv24yyG7 pFWOy6GZBNA187LWXnozlkI+1N9qnHwEwN6gqsGKpwn/IF5iAJWbiOHWoFL9C/bl 6l8P8OsHF+Uej/SkZo4b0RgEuFWs/TU6SrL20U7+v6VusLs6pT3iqz5EaRsrPbZT bnZsW+41/QTPOtJS6cG/VOlswOjqiOrZxorsyejMe0FV2QWZJddTWQIKnvrymVLJ drfZebGlg2+/Q31bHuBEbhdqbnL7PdmNI1RWP+E9HyG0+mTDl+Lv4H0ioS0lxea3 MvwDHSc/ASPew5j0XC4LhQdEKD5d47NJHtC3omfLJoW+6jC87QGqmR3PSNBjZaU= =IFSj -----END PGP SIGNATURE-----