[SECURITY] [DLA DLA-649-1] python-django security update

2016-10-06T21:23:18
ID DEBIAN:DLA-649-1:44929
Type debian
Reporter Debian
Modified 2016-10-06T21:23:18

Description

Package : python-django
Version : 1.4.22-1+deb7u1
CVE ID  : CVE-2016-7401

It was discovered that there was a possible CSRF protection bypass in python-django, a high-level Python web development framework, on sites that use Google Analytics.

More information can be found in the upstream announcement:

https://www.djangoproject.com/weblog/2016/sep/26/security-releases/

For Debian 7 "Wheezy", this issue has been fixed in python-django version 1.4.22-1+deb7u1.

We recommend that you upgrade your python-django packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      lamby@debian.org / chris-lamb.co.uk
   `-