7 matches found
openSUSE Security Update : python-Django (openSUSE-2015-281)
python-django was updated to 1.6.11 to fix security issues and non-security bugs. THe following vulnerabilities were fixed : - Made issafeurl reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs bnc923176, CVE-2015-2317 - Fixed an infinite...
Debian DLA-143-1 : python-django security update
Multiple security issues have been found in Django: https://www.djangoproject.com/weblog/2015/jan/13/security/ For Debian 6 Squeeeze, they have been fixed in version 1.2.3-3+squeeze12 of python-django. Here is what the upstream developers have to say about those issues : CVE-2015-0219 - WSGI head...
[SECURITY] [DLA 143-1] python-django security update
Package : python-django Version : 1.2.3-3+squeeze12 CVE ID : CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 Multiple security issues have been found in Django: https://www.djangoproject.com/weblog/2015/jan/13/security/ For Debian 6 Squeeeze, they have been fixed in version 1.2.3-3+squeeze12 of...
DLA-143-1 python-django - security update
Bulletin has no description...
MGASA-2015-0026 Updated python-django and python-django14 packages fix security vulnerabilities
Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments CVE-2015-0219. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker...
PYSEC-2015-4
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in an HTTP header, as demonstrated by an X-AuthUser header...
PT-2015-4526 · Django +1 · Django +1
Name of the Vulnerable Software and Affected Versions: Django versions 1.4.17 and earlier Django versions 1.6.x before 1.6.10 Django versions 1.7.x before 1.7.3 Description: The issue allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in a...