Format: 1.8
Date: Sat, 12 Mar 2016 17:13:01 +0100
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source all
Version: 1.7.7-1+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Closes: 816434
Changes:
 python-django (1.7.7-1+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-2512: Prevented spoofing is_safe_url() with basic auth.
     Malicious redirect and possible XSS attack via user-supplied redirect
     URLs containing basic auth. (Closes: #816434)
   * is_safe_url() crashes with a bytestring URL on Python 2.
     Fixes a regression introduced by the original fix for CVE-2016-2512.
   * CVE-2016-2513: Fixed user enumeration timing attack during login
     (Closes: #816434)
   * Add Build-Depends on python-mock and python3-mock