kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
258716 commits 166 branches 0 tags 1.5 GiB
Commit graph

9 commits

Author SHA1 Message Date
agc
b9b754e081 Add SHA512 digests for distfiles for www category 
Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
 2015-11-04 02:46:46 +00:00
joerg
84c5b09170 Update to Django 1.4.22: Security fixes. 2015-09-02 12:38:53 +00:00
adam
c10dcd7c87 Changes 1.4.20: 
* Mitigated possible XSS attack via user-supplied redirect URLs
 2015-03-19 09:57:05 +00:00
adam
fda78f32f2 Changes 1.4.19: 
* GZipMiddleware now supports streaming responses. As part of the 1.4.18 security release, the django.views.static.serve() function was altered to stream the files it serves. Unfortunately, the GZipMiddleware consumed the stream prematurely and prevented files from being served properly.
 2015-01-28 06:39:40 +00:00
adam
26bdcbf8a1 Fixed securify issues: 
* WSGI header spoofing via underscore/dash conflation
* Mitigated possible XSS attack via user-supplied redirect URLs
* Denial-of-service attack against django.views.static.serve
* Database denial-of-service with ModelMultipleChoiceField
 2015-01-14 17:07:12 +00:00
adam
021c651f1f Changes 1.4.14: 
Security fixes:
* Issue: reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
* Issue: file upload denial of service (CVE-2014-0481)
* Issue: RemoteUserMiddleware session hijacking (CVE-2014-0482)
* Issue: data leakage via querystring manipulation in admin (CVE-2014-0483)
 2014-08-23 12:16:45 +00:00
joerg
fbb040e6f6 Update to Django 1.4.13: 
- caching framework may expose private data and/or allow cache poisoning
- stricter checking for valid URLs when redirecting based on user input,
  e.g. on the login page
 2014-06-10 11:58:10 +00:00
joerg
82bb55de1f Update to Django 1.4.12: 
- fix a potential execution of undesired code via reverse()
- avoid leaking the CSRF token via caching of anonymous requests
- fix missing explicit typecasts for MySQL
 2014-05-09 11:38:27 +00:00
joerg
5f8459fc53 Add the LTS version of www/py-django for users that desire less 
volatility.
 2013-11-14 21:27:01 +00:00