From 23ed2cf2dc85f98412862c66766f9aaeee23621e Mon Sep 17 00:00:00 2001 From: Gustavo Zacarias Date: Wed, 14 Jan 2015 15:21:44 -0300 Subject: python-django: security bump to version 1.7.3 Fixes: CVE-2015-0219 - incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. CVE-2015-0220 - incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. CVE-2015-0221 - incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. CVE-2015-0222 - incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni --- package/python-django/python-django.hash | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'package/python-django/python-django.hash') diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash index 0195a13b05..f51c9b4741 100644 --- a/package/python-django/python-django.hash +++ b/package/python-django/python-django.hash @@ -1,2 +1,2 @@ -# sha256 from https://www.djangoproject.com/m/pgp/Django-1.7.2.checksum.txt -sha256 31c6c3c229f8c04b3be87e6afc3492903b57ec8f1188a47b6ae160d90cf653c8 Django-1.7.2.tar.gz +# sha256 from https://www.djangoproject.com/m/pgp/Django-1.7.3.checksum.txt +sha256 f226fb8aa438456968d403f6739de1cf2dad128db86f66ee2b41dfebe3645c5b Django-1.7.3.tar.gz -- cgit v1.2.3