OSV:DSA-3678-1 (osv, Google)
Sep 26, 2016 - 12:00 a.m.

python-django - security update


Sergey Bobrov discovered that cookie parsing in Django and Google
Analytics interacted in such a way that an attacker could set arbitrary
cookies. This allows other malicious web sites to bypass the
Cross-Site Request Forgery (CSRF) protections built into Django.

For the stable distribution (jessie), this problem has been fixed in
version 1.7.11-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.10-1.

We recommend that you upgrade your python-django packages.