This bug was fixed in the package python-django - 1.6.1-2ubuntu0.8
---------------
python-django (1.6.1-2ubuntu0.8) trusty-security; urgency=medium
* SECURITY UPDATE: denial-of-service possibility with strip_tags
- debian/patches/CVE-2015-2316.patch: improve and fix infinite loop
possibility in django/utils/html.py, added tests to
tests/utils_tests/test_html.py, clarified documentation in
docs/ref/templates/builtins.txt, docs/ref/utils.txt.
- CVE-2015-2316
* SECURITY UPDATE: XSS attack via user-supplied redirect URLs
- debian/patches/CVE-2015-2317.patch: reject URLs that start with
control characters in django/utils/http.py, added test to
tests/utils_tests/test_http.py.
- CVE-2015-2317
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Fri, 20 Mar 2015 10:34:50
-0400
** Changed in: python-django (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-2316
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-2317
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1433376
Title:
fix a test failure seen with Python 2.7.9
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1433376/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
