Format: 1.8
Date: Thu, 01 Feb 2018 17:57:13 +0000
Source: python-django
Binary: python3-django python-django-doc
Built-For-Profiles: nocheck
Architecture: source all
Version: 2:2.0.2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Changes:
 python-django (2:2.0.2-1) experimental; urgency=medium
 .
   * New upstream security release:
     - CVE-2018-6188: A regression in Django 1.11.8 made
       django.contrib.auth.forms.AuthenticationForm run its
       confirm_login_allowed() method even if an incorrect password is
       entered. This can leak information about a user, depending on what
       messages confirm_login_allowed() raises. If confirm_login_allowed()
       isn't overridden, an attacker can enter an arbitrary username and see
       if that user has been set to is_active=False. If
       confirm_login_allowed() is overridden, more sensitive details could
       be leaked.
   * Use HTTPS Format: URI in debian/copyright.