Ispravljena tri propusta u programskom paketu Django

Ispravljena su tri propusta koja se javljaju u programskom paketu Django. Django je slobodno dostupno web razvojno okruženje napisano u programskom jeziku Python. Propusti se javljaju zbog pogrešaka vezanih uz "django.contrib.a" i "django.contrib.auth", te pogrešnog rukovanja kolačićima (eng. cookies). Propuste može iskoristiti udaljeni napadač za izvođenje napada uskraćivanjem usluge (DoS), otkrivanje osjetljivih informacija ili XSS napad. Svim korisnicima se savjetuje primjena odgovarajućih zakrpa kako bi otklonili probleme.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0120
2011-01-04 20:16:12
--------------------------------------------------------------------------------

Name        : Django
Product     : Fedora 14
Version     : 1.2.4
Release     : 1.fc14
URL         : http://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan  3 2011 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.4-1
- Update for multiple security issues (see
http://www.djangoproject.com/weblog/2010/dec/22/security/)
* Sat Oct  9 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.3-3
- Now build docs for F12+
- Added Django-remove-djangodocs-ext.patch
* Sat Oct  9 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.3-2
- Moved to dirhtml for documentation generation
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #665373 - CVE-2010-4534, CVE-2010-4535 Information leakage and DoS
vulnerabilities in Django < 1.2.4 & 1.1.3
        https://bugzilla.redhat.com/show_bug.cgi?id=665373
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update Django' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0096
2011-01-04 20:15:26
--------------------------------------------------------------------------------

Name        : Django
Product     : Fedora 13
Version     : 1.2.4
Release     : 1.fc13
URL         : http://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan  3 2011 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.4-1
- Update for multiple security issues (see
http://www.djangoproject.com/weblog/2010/dec/22/security/)
* Sat Oct  9 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.3-3
- Now build docs for F12+
- Added Django-remove-djangodocs-ext.patch
* Sat Oct  9 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.3-2
- Moved to dirhtml for documentation generation
* Mon Sep 13 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.3-1
- Update for http://www.djangoproject.com/weblog/2010/sep/10/123/
* Thu Sep  9 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.2-1
- Update for CVE-2010-3082 (see
http://www.djangoproject.com/weblog/2010/sep/08/security-release/)
- Removed Django-hash-compat-13310.patch as it is already included in this
release
* Wed Jul 21 2010 David Malcolm <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.1-6
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Tue Jun  8 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.1-5
- Added http://code.djangoproject.com/changeset/13310?format=diff&new=13310 per
BZ#601212
* Thu Jun  3 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.1-4
- Include egg in >= rhel6
* Thu Jun  3 2010 Michel Salim <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.1-3
- Use generated %{name}.lang instead of including each locale file by hand
- Temporarily make main package provide -doc on Rawhide, to fix upgrade path
  until upstream documentation builds with Sphinx 1.0
* Thu May 27 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.1-2
- Allow for building docs in F13 as it's only F14 freaking out
* Tue May 25 2010 Steve 'Ashcrow' Milner <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.1-1
- Update for new release.
- Added lang files per BZ#584866.
- Changed perms on %{python_sitelib}/django/contrib/admin/media/js/compress.py
- Lots of explicit files listed in %files in order to reduce duplicate file
listings
- Docs are not built on F-13 for now
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #665373 - CVE-2010-4534, CVE-2010-4535 Information leakage and DoS
vulnerabilities in Django < 1.2.4 & 1.1.3
        https://bugzilla.redhat.com/show_bug.cgi?id=665373
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update Django' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Ispravljena tri propusta u programskom paketu Django

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti