← Back to team overview

group.of.nepali.translators team mailing list archive

  1. group.of.nepali.translators team
  2. Mailing list archive
  3. Message #00994

[Bug 1553251] Re: USN-2915-1 introduced a regression in is_safe_url()

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package python-django - 1.8.7-1ubuntu3

---------------
python-django (1.8.7-1ubuntu3) xenial; urgency=medium

  * SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251)
    - debian/patches/CVE-2016-2512-regression.patch: force url to unicode
      in django/utils/http.py, added test to
      tests/utils_tests/test_http.py.
    - CVE-2016-2512

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Fri, 04 Mar 2016
11:03:43 -0500

** Changed in: python-django (Ubuntu Xenial)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2512

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1553251

Title:
  USN-2915-1 introduced a regression in is_safe_url()

Status in Django:
  Unknown
Status in python-django package in Ubuntu:
  Fix Released
Status in python-django source package in Precise:
  Confirmed
Status in python-django source package in Trusty:
  Confirmed
Status in python-django source package in Wily:
  Confirmed
Status in python-django source package in Xenial:
  Fix Released

Bug description:
  See
  https://github.com/claudep/django/commit/7ee019b60ab696930c8b692bff7d29c0f4cea885

To manage notifications about this bug go to:
https://bugs.launchpad.net/django/+bug/1553251/+subscriptions

References

  Thread PreviousDate PreviousThread Next