python-django was updated to 1.4.5 to fix various security issues and bugs.
Update to 1.4.5:
- Security release.
- Fix bnc#807175 / bnc#787521 / CVE-2012-4520 / CVE-2013-0305 /
CVE-2013-0306 and CVE-2013-1665.
- Update to 1.4.3:
- Security release:
- Host header poisoning
- Redirect poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/dec/10/security
- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin
- Update to 1.4.2:
- Security release:
- Host header poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/oct/17/security
- Update to 1.4.1:
- Security release:
- Cross-site scripting in authentication views
- Denial-of-service in image validation
- Denial-of-service via get_image_dimensions()
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
- Add patch to support CSRF_COOKIE_HTTPONLY config
- Submitted by Alexandre Rogoski (aledr)