python-django 2:2.0.2-1 source package in Debian
Changelog
python-django (2:2.0.2-1) experimental; urgency=medium
* New upstream security release:
- CVE-2018-6188: A regression in Django 1.11.8 made
django.contrib.auth.forms.AuthenticationForm run its
confirm_login_allowed() method even if an incorrect password is entered.
This can leak information about a user, depending on what messages
confirm_login_allowed() raises. If confirm_login_allowed() isn't
overridden, an attacker enter an arbitrary username and see if that user
has been set to is_active=False. If confirm_login_allowed() is
overridden, more sensitive details could be leaked.
* Use HTTPS Format: URI in debian/copyright.
-- Chris Lamb <email address hidden> Thu, 01 Feb 2018 17:57:13 +0000
Upload details
- Uploaded by:
- Debian Python Modules Team
- Uploaded to:
- Experimental
- Original maintainer:
- Debian Python Modules Team
- Architectures:
- all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-django_2.0.2-1.dsc | 2.7 KiB | 51018a4019f1405007e9a0e0bcc534c23afedbc56143b084665aaf5bf227243b |
| python-django_2.0.2.orig.tar.gz | 7.6 MiB | dc3b61d054f1bced64628c62025d480f655303aea9f408e5996c339a543b45f0 |
| python-django_2.0.2-1.debian.tar.xz | 22.5 KiB | 5f570bdc798bf2a3430df564759af74450a3043c67ef953692a1cff5ce475384 |
No changes file available.
