--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-9ffdf25269
2020-01-24 17:46:19.389562
--------------------------------------------------------------------------------
Name : python-django
Product : Fedora EPEL 7
Version : 1.11.27
Release : 1.el7
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
--------------------------------------------------------------------------------
Update Information:
update to 1.11.27, fix CVE-2019-19844 (rhbz#1788427)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 7 2020 Matthias Runge <mrunge(a)redhat.com> - 1.11.27-1
- update to 1.11.27, fix CVE-2019-19844 (rhbz#1788427)
* Tue Aug 6 2019 Matthias Runge <mrunge(a)redhat.com> - 1.11.23-1
- Fix CVE-2019-14232 (rhbz#1735768)
- Fix CVE-2019-14233 (rhbz#1735772)
- Fix CVE-2019-14234 (rhbz#1735776)
- Fix CVE-2019-14235 (rhbz#1735781)
* Tue Jun 25 2019 Matthias Runge <mrunge(a)redhat.com> - 1.11.21-2
- add python3 support, thanks to Tuomo Soini <tis(a)foobar.fi>
* Tue Jun 4 2019 Matthias Runge <mrunge(a)redhat.com> - 1.11.21-1
- fix for CVE-2019-12308 (rhbz#1716764)
* Fri Mar 15 2019 Matthias Runge <mrunge(a)redhat.com> - 1.11.20-2
- enable python3 subpackage
* Wed Feb 20 2019 Matthias Runge <mrunge(a)redhat.com> - 1.11.20-1
- Fix for CVE-2019-6975 (rhbz#1678265)
* Mon Jan 7 2019 Matthias Runge <mrunge(a)redhat.com> - 1.11.18-1
- update to 1.11.18, fix for CVE-2019-3498 (rhbz#1663724)
* Mon Nov 19 2018 Stephen Gallagher <sgallagh(a)redhat.com> - 1.11.13-4
- Drop %{python_provide} macros introducing automatic Obsoletes
* Mon Nov 19 2018 Matthias Runge <mrunge(a)redhat.com> - 1.11.13-3
- drop all obsoletes
* Thu Nov 15 2018 Matthias Runge <mrunge(a)redhat.com> - 1.11.13-2
- rebase EPEL7 package to Django-1.11.x
* Mon May 21 2018 Miro Hrončok <mhroncok(a)redhat.com> - 1.11.13-2
- Make python2-django require python-django-bash-completion (as intended)
* Wed Apr 5 2017 Stephen Gallagher <sgallagh(a)redhat.com> - 1.6.11.6-1
- Update to the latest upstream security release 1.6.11.6
- https://www.reviewboard.org/news/2017/04/04/new-django-1-6-11-6-security-...
* Fri Mar 4 2016 Matthias Runge <mrunge(a)redhat.com> - 1.6.11-5
- fix CVE-2016-2512 (rhbz#1314345)
- fix CVE-2016-2513
* Mon Nov 30 2015 Matthias Runge <mrunge(a)redhat.com> - 1.6.11-4
- fix for CVE-2015-8213 (rhbz#1285279)
  backport thanks to https://github.com/beanbaginc/django/
- changed patches to use rdopkg for managing patches
* Wed Aug 26 2015 Matthias Runge <mrunge(a)redhat.com> - 1.6.11-3
- cherry-pick fix for Denial-of-service possibility in logout()
view by filling session store CVE-2015-5963, CVE-2015-5964
- Prevented newlines from being accepted in some validators.
* Thu Jul 16 2015 Matthias Runge <mrunge(a)redhat.com> - 1.6.11-2
- cherry pick fix for CVE-2015-5143 (DoS by filling session store)
rhbz#1239010
* Mon Mar 23 2015 Matthias Runge <mrunge(a)redhat.com> - 1.6.11-1
- fix CVE-2015-2316 (rhbz#1203615)
- fix CVE-2015-2317 (rhbz#1203618)
* Wed Jan 14 2015 Matthias Runge <mrunge(a)redhat.com> - 1.6.10-1
- fix CVE-2015-0219 (rhbz#1181939)
- fix CVE-2015-0220 (rhbz#1181943)
- fix CVE-2015-0221 (rhbz#1181946)
- fix CVE-2015-0222 (rhbz#1181951)
* Mon Jan 5 2015 Matthias Runge <mrunge(a)redhat.com> - 1.6.9-1
- update to 1.6.9
* Tue Nov 11 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.8-1
- update to 1.6.8
* Thu Sep 25 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.7-1
- update to 1.6.7
- don't own bash-completion dir.
* Thu Aug 21 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.6-1
- update to 1.6.6
- fix CVE-2014-0480 (rhbz#1129950)
- fix CVE-2014-0481 (rhbz#1129952)
- fix CVE-2014-0482 (rhbz#1129954)
- fix CVE-2014-0483 (rhbz#1129959)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.6.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Kalev Lember <kalevlember(a)gmail.com> - 1.6.5-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
* Fri May 16 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.5-1
- update to 1.6.5 CVE-2014-1418, CVE-2014-3730 (rhbz#1097935)
* Mon May 12 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.4-2
- don't hardcode python3.3
* Wed May 7 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.4-1
- update to 1.6.4 fix a potential regression in reverse()
* Tue Apr 22 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.3-1
- update to 1.6.3 fixing CVE-2014-0473 and CVE-2014-0474
* Thu Mar 27 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.2-2
- remove simplejson requirement
- make bash-completion a sub-package, both main packages can require
* Thu Feb 13 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.2-1
- update to 1.6.2 (rhbz#1027766)
- bash completion for python3-django-admin (rhbz#1035987)
* Mon Jan 27 2014 Matthias Runge <mrunge(a)redhat.com> - 1.5.4-3
- python-simplejson is not a hard requirement any more
* Thu Dec 19 2013 Dennis Gilmore <dennis(a)ausil.us> - 1.5.4-2
- disable python3 on epel7
* Sun Nov 24 2013 Matěj Cepl <mcepl(a)redhat.com> - 1.6-1
- update to 1.6 (rhbz#1027766)
* Tue Oct 29 2013 Matthias Runge <mrunge(a)redhat.com> - 1.5.5-2
- fix obsoletes
* Mon Oct 28 2013 Matthias Runge <mrunge(a)redhat.com> - 1.5.5-1
- update to 1.5.5 (rhbz#1023407)
* Mon Sep 16 2013 Matthias Runge <mrunge(a)redhat.com> - 1.5.4-1
- fix CVE-2013-1443 (DoS via large passwords), fixes rhbz#1008281
* Wed Sep 11 2013 Matthias Runge <mrunge(a)redhat.com> - 1.5.3-1
- fix CVE-2013-4315 (ssi issue), fixes rhbz 1004969
* Tue Aug 20 2013 Matthias Runge <mrunge(a)redhat.com> - 1.5.2-2
- increase obsoletes to 1.4.6-2
* Wed Aug 14 2013 Matthias Runge <mrunge(a)redhat.com> - 1.5.2-1
- security related update
* Mon Aug 5 2013 Matthias Runge <mrunge(a)redhat.com> - 1.5.1-3
- rebuild to fix build issues during mass rebuild.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr 2 2013 Matthias Runge <mrunge(a)redhat.com> - 1.5.1-1
- update to Django-1.5.1 (rhbz#929413)
* Wed Mar 27 2013 Miro Hrončok <mhroncok(a)redhat.com> - 1.5-3
- separated lang files for Python 2 and 3
- list %files in Python 3 subpackage more precisely to not include locale files
- added %doc to Python 3 subpackage
- removed trailing slash after %{buildroot} to avoid double slash
- fixed bogus dates in %changelog
- made %check verbose, so it is not so boring to watch them run
- created python3 doc package
- created python3- prefixed symlink to manpage
- comment added about shared content - manpages
* Wed Mar 27 2013 Bohuslav Kabrda <bkabrda(a)redhat.com> - 1.5-2
- Make the python3 subpackage install first, so that django-admin
doesn't get overwritten.
- Don't own %{python3_sitelib} itself, but only its contents.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1788425 - CVE-2019-19844 Django: crafted email address allows account takeover
https://bugzilla.redhat.com/show_bug.cgi?id=1788425
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-django' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------