Overview Details Repositories Revisions Requests Users Attributes Meta
python-django: security update to 1.4.5

python-django was updated to 1.4.5 to fix various security issues and bugs.

Update to 1.4.5:
- Security release.
- Fix bnc#807175 / bnc#787521 / CVE-2012-4520 / CVE-2013-0305 /
CVE-2013-0306 and CVE-2013-1665.

- Update to 1.4.3:
- Security release:
- Host header poisoning
- Redirect poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/dec/10/security

- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin

- Update to 1.4.2:
- Security release:
- Host header poisoning
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/oct/17/security

- Update to 1.4.1:
- Security release:
- Cross-site scripting in authentication views
- Denial-of-service in image validation
- Denial-of-service via get_image_dimensions()
- Please check release notes for details:
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued

- Add patch to support CSRF_COOKIE_HTTPONLY config

Fixed bugs
bnc#787521
VUL-0: python-django: 1.3.4 and 1.4.2 to fix host header poisoning problem
bnc#807175
VUL-1: python-django: multiple issues (Auth. bypass, Denial of Service)
CVE-CVE-2013-0306
CVE-CVE-2013-1665
CVE-CVE-2012-4520
CVE-CVE-2013-0305
Selected Binaries
openSUSE Build Service is sponsored by
Places