[SECURITY] [DSA 3622-1] python-django security update

2016-07-1819:34:54

lists.debian.org

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Debian Security Advisory DSA-3622-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016 https://www.debian.org/security/faq

Package : python-django
CVE ID : CVE-2016-6186

It was discovered that Django, a high-level Python web development
framework, is prone to a cross-site scripting vulnerability in the
admin's add/change related popup.

For the stable distribution (jessie), this problem has been fixed in
version 1.7.7-1+deb8u5.

We recommend that you upgrade your python-django packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8allpython-django-common< 1.7.7-1+deb8u5python-django-common_1.7.7-1+deb8u5_all.deb
Debian8allpython-django< 1.7.7-1+deb8u5python-django_1.7.7-1+deb8u5_all.deb
Debian7allpython-django-doc< 1.4.5-1+deb7u17python-django-doc_1.4.5-1+deb7u17_all.deb
Debian8allpython3-django< 1.7.7-1+deb8u5python3-django_1.7.7-1+deb8u5_all.deb
Debian8allpython-django-doc< 1.7.7-1+deb8u5python-django-doc_1.7.7-1+deb8u5_all.deb
Debian7allpython-django< 1.4.5-1+deb7u17python-django_1.4.5-1+deb7u17_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	python-django-common	< 1.7.7-1+deb8u5	python-django-common_1.7.7-1+deb8u5_all.deb
Debian	8	all	python-django	< 1.7.7-1+deb8u5	python-django_1.7.7-1+deb8u5_all.deb
Debian	7	all	python-django-doc	< 1.4.5-1+deb7u17	python-django-doc_1.4.5-1+deb7u17_all.deb
Debian	8	all	python3-django	< 1.7.7-1+deb8u5	python3-django_1.7.7-1+deb8u5_all.deb
Debian	8	all	python-django-doc	< 1.7.7-1+deb8u5	python-django-doc_1.7.7-1+deb8u5_all.deb
Debian	7	all	python-django	< 1.4.5-1+deb7u17	python-django_1.4.5-1+deb7u17_all.deb