Lucene search

K
mageiaGentoo FoundationMGASA-2015-0463
HistoryDec 05, 2015 - 2:31 a.m.

Updated python-django packages fix security vulnerability

2015-12-0502:31:36
Gentoo Foundation
advisories.mageia.org
5

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.3%

If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, then a malicious user could obtain any secret in the application’s settings by specifying a settings key instead of a date format (CVE-2015-8213).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchpython-django< 1.8.7-1python-django-1.8.7-1.mga5

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.3%