1173 matches found
[SECURITY] [DLA 206-1] python-django-markupfield security update
Package: python-django-markupfield. Version: 1.0.0a2-1+deb6u1. CVE ID: CVE-2015-0846. James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ..raw directive, allowing remote attackers to include arbitra...
Moderate: Red Hat Security Advisory: python-django-horizon and python-django-openstack-auth update
Updated python-django-horizon and python-django-openstack-auth packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security...
Moderate: Red Hat Security Advisory: python-django-horizon and python-django-openstack-auth update
Updated python-django-horizon and python-django-openstack-auth packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security...
Mandriva Linux Security Advisory : python-django (MDVSA-2015:195)
A vulnerability has been discovered and corrected in python-django: The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS)...
Updated python-django packages fix security vulnerabilities
Updated python-django and python-django14 packages fix security vulnerabilities: The ModelAdmin.readonly_fields attribute in the Django admin allows displaying model fields and model attributes. While the former were correctly escaped, the latter were not. Thus untrusted content could be injected...
MGASA-2015-0127 Updated python-django packages fix security vulnerabilities
Updated python-django and python-django14 packages fix security vulnerabilities: The ModelAdmin.readonly_fields attribute in the Django admin allows displaying model fields and model attributes. While the former were correctly escaped, the latter were not. Thus untrusted content could be injected...
openSUSE Security Update : python-Django (openSUSE-2015-281)
python-django was updated to 1.6.11 to fix security issues and non-security bugs. The following vulnerabilities were fixed: - Made is_safe_url reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc923176, CVE-2015-2317) - Fixed an infinite...
SUSE-SU-2015:1109-1 Security update for python-Django
python-django was updated to 1.6.11 to fix security issues and non-security bugs. The following vulnerabilities were fixed: Made is_safe_url reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc923176, CVE-2015-2317). Fixed an infinite loop...
SUSE-SU-2015:1112-1 Security update for python-Django
python-django was updated to 1.6.11 to fix security issues and non-security bugs. The following vulnerabilities were fixed: Made is_safe_url reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc923176, CVE-2015-2317). Fixed an infinite loop...
Mandriva Linux Security Advisory : python-django (MDVSA-2015:109)
Updated python-django packages fix security vulnerabilities: Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django...
Debian DLA-65-1 : python-django security update
This update addresses an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. http://www.freexian.com/services/debian-lts.html CVE-2014-0480 Django...
SUSE-SU-2015:0694-1 Security update for python-Django
python-Django has been updated to fix two vulnerabilities: URLs starting with control characters could have allowed XSS (cross-site scripting) attacks via user-supplied redirect URLs (CVE-2015-2317). An infinite loop possibility could be triggered in the strip_tags function, which allowed denial of...
Debian DSA-3204-1 : python-django - security update
Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack.
[SECURITY] [DSA 3204-1] python-django security update
Debian Security Advisory DSA-3204-1; http://www.debian.org/security/; Salvatore Bonaccorso; March 24, 2015; http://www.debian.org/security/faq ...
DSA-3204-1 python-django - security update
Bulletin has no description...
Debian Security Advisory DSA 3204-1 (python-django - security update)
Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack.
Ubuntu: Security Advisory (USN-2539-1)
The remote host is missing an update for the...
Debian: Security Advisory (DSA-3204-1)
The remote host is missing an update for the Debian...
Fedora 22 : python-django-1.8-0.6.b2.fc22 (2015-3727)
1.8b2 snapshot and security fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.