-
Wed Apr 05 2017 Stephen Gallagher <sgallagh@redhat.com> - 1.6.11.6-1
- Update to the latest upstream security release 1.6.11.6
- https://www.reviewboard.org/news/2017/04/04/new-django-1-6-11-6-security-releases/
-
Fri Mar 04 2016 Matthias Runge <mrunge@redhat.com> - 1.6.11-5
- fix CVE-2016-2512 (rhbz#1314345)
- fix CVE-2016-2513
-
Mon Nov 30 2015 Matthias Runge <mrunge@redhat.com> - 1.6.11-4
- fix for CVE-2015-8213 (rhbz#1285279)
backport thanks to https://github.com/beanbaginc/django/
- changed patches to use rdopkg for managing patches
-
Wed Aug 26 2015 Matthias Runge <mrunge@redhat.com> - 1.6.11-3
- cherry-pick fix for Denial-of-service possibility in logout()
view by filling session store CVE-2015-5963, CVE-2015-5964
- Prevented newlines from being accepted in some validators.
-
Thu Jul 16 2015 Matthias Runge <mrunge@redhat.com> - 1.6.11-2
- cherry pick fix for CVE-2015-5143 (DoS by filling session store)
rhbz#1239010
-
Mon Mar 23 2015 Matthias Runge <mrunge@redhat.com> - 1.6.11-1
- fix CVE-2015-2316 (rhbz#1203615)
- fix CVE-2015-2317 (rhbz#1203618)
-
Wed Jan 14 2015 Matthias Runge <mrunge@redhat.com> - 1.6.10-1
- fix CVE-2015-0219 (rhbz#1181939)
- fix CVE-2015-0220 (rhbz#1181943)
- fix CVE-2015-0221 (rhbz#1181946)
- fix CVE-2015-0222 (rhbz#1181951)
-
Mon Jan 05 2015 Matthias Runge <mrunge@redhat.com> - 1.6.9-1
- update to 1.6.9
-
Tue Nov 11 2014 Matthias Runge <mrunge@redhat.com> - 1.6.8-1
- update to 1.6.8
-
Thu Sep 25 2014 Matthias Runge <mrunge@redhat.com> - 1.6.7-1
- update to 1.6.7
- don't own bash-completion dir.