python-django 2:2.0.2-1 source package in Debian
Changelog
python-django (2:2.0.2-1) experimental; urgency=medium

  * New upstream security release:
    - CVE-2018-6188: A regression in Django 1.11.8 made
      django.contrib.auth.forms.AuthenticationForm run its
      confirm_login_allowed() method even if an incorrect password is entered.
      This can leak information about a user, depending on what messages
      confirm_login_allowed() raises. If confirm_login_allowed() isn't
      overridden, an attacker can enter an arbitrary username and see if that
      user has been set to is_active=False. If confirm_login_allowed() is
      overridden, more sensitive details could be leaked.
  * Use HTTPS Format: URI in debian/copyright.

 -- Chris Lamb <email address hidden>  Thu, 01 Feb 2018 17:57:13 +0000
Upload details
- Uploaded by: Debian Python Modules Team
- Uploaded to: Experimental
- Original maintainer: Debian Python Modules Team
- Architectures: all
- Section: python
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
python-django_2.0.2-1.dsc | 2.7 KiB | 51018a4019f1405007e9a0e0bcc534c23afedbc56143b084665aaf5bf227243b |
python-django_2.0.2.orig.tar.gz | 7.6 MiB | dc3b61d054f1bced64628c62025d480f655303aea9f408e5996c339a543b45f0 |
python-django_2.0.2-1.debian.tar.xz | 22.5 KiB | 5f570bdc798bf2a3430df564759af74450a3043c67ef953692a1cff5ce475384 |
No changes file available.