Debian
python-django package

python-django 2:2.1.2-1 source package in Debian

Changelog

python-django (2:2.1.2-1) experimental; urgency=medium

  * New upstream security release.

    CVE-2018-16984: Password hash disclosure to "view only" admin users. If an
    admin user has the change permission to the user model, only part of the
    password hash is displayed in the change form. Admin users with the view
    (but not change) permission to the user model were displayed the entire
    hash.  While it's typically infeasible to reverse a strong password hash,
    if a site uses weaker password hashing algorithms such as MD5 or SHA1,
    it could be a problem. (Closes: #910016)

  * Move all documentation to /usr/share/doc.
  * Really remove all license files (eg. LICENSE-SELECT2.md).
  * debian/tests/control: Drop deprecated needs-recommends test restriction.

 -- Chris Lamb <email address hidden>  Mon, 01 Oct 2018 14:23:27 +0100

Upload details

Uploaded by:
Debian Python Modules Team
Uploaded to:
Experimental
Original maintainer:
Debian Python Modules Team
Architectures:
all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
python-django_2.1.2-1.dsc 2.6 KiB b798bc6dde6d3522ba1bd4695d21cf96560849326927359438b3ca7e1a9cd764
python-django_2.1.2.orig.tar.gz 8.2 MiB efbcad7ebb47daafbcead109b38a5bd519a3c3cd92c6ed0f691ff97fcdd16b45
python-django_2.1.2-1.debian.tar.xz 23.3 KiB 43d9571a097a37a5b22282fae120caacab90b542fd3024d89357f68fd207515c

No changes file available.

Binary packages built by this source