Overview

File _patchinfo of Package patchinfo.1854

<patchinfo>
  <issue id="787521" tracker="bnc" />
  <issue id="807175" tracker="bnc" />
  <issue id="CVE-2013-0306" tracker="cve" />
  <issue id="CVE-2013-1665" tracker="cve" />
  <issue id="CVE-2012-4520" tracker="cve" />
  <issue id="CVE-2013-0305" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>aledr</packager>
  <description>
python-django was updated to 1.4.5 to fix various security issues and bugs.

Update to 1.4.5:
- Security release.
- Fix bnc#807175 / bnc#787521 / CVE-2012-4520 / CVE-2013-0305 /
  CVE-2013-0306 and CVE-2013-1665.

- Update to 1.4.3:
  - Security release:
    - Host header poisoning
    - Redirect poisoning
  - Please check release notes for details:
    https://www.djangoproject.com/weblog/2012/dec/10/security

- Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin

- Update to 1.4.2:
  - Security release:
    - Host header poisoning
  - Please check release notes for details:
    https://www.djangoproject.com/weblog/2012/oct/17/security

- Update to 1.4.1:
  - Security release:
    - Cross-site scripting in authentication views
    - Denial-of-service in image validation
    - Denial-of-service via get_image_dimensions()
  - Please check release notes for details:
    https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued

- Add patch to support CSRF_COOKIE_HTTPONLY config
</description>
  <summary>python-django: security update to 1.4.5</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places