[SECURITY] [DSA 3544-1] python-django security update
Debian Security Advisory DSA-3544-1 https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3544-1 (python-django - security update)
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2512 Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication...
DSA-3544-1 python-django - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3544-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
python-django: User enumeration through timing difference on password hasher work factor upgrade
A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used fewer hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login...
Fedora Update for python-django FEDORA-2016-11183
The remote host is missing an update for the...
Fedora 23 : python-django-1.8.11-1.fc23 (2016-11183ea08d)
fix regression in 1.8.10 ---- update to 1.8.10, fixing CVE-2016-2512, CVE-2016-2513 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 22 : python-django-1.8.11-1.fc22 (2016-b004d6d8f7)
fix regression in 1.8.10 ---- update to 1.8.10, fixing CVE-2016-2512, CVE-2016-2513 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
[SECURITY] Fedora 23 Update: python-django-1.8.11-1.fc23
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Ubuntu: Security Advisory (USN-2915-2)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-2915-3)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2016-0096)
The remote host is missing an update for the...
USN-2915-3: Django regression
USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Original advisory details: Mark Striemer discovered that Django incorrectly handled...
MGASA-2016-0096 Updated python-django packages fix security vulnerability
Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. CVE-2016-2512 Sjoerd Job Postmus discovered that Djan...
Fedora 22 : python-django-1.8.7-1.fc22 (2015-323274d412)
Update to 1.8.7, fixing CVE-2015-8213 rhbz1285278 ---- python-django-1.8.4-1.fc22 - Do not install bash completion for python executables Ville Skytta, rhbz1253076 - CVE-2015-5963 Denial-of-service possibility in logout view by filling session store rhbz1254911 - CVE-2015-5964 Denial-of-servic...
Fedora 23 : python-django-1.8.7-1.fc23 (2015-a8c8f60fbd)
This update fixes CVE-2015-8213: Fixed settings leak possibility in date template filter, more info can be found https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Fedora 23 : python-django-1.8.6-1.fc23 (2015-1dd5bc998f)
rebase to 1.8.6 rhbz1276914 ---- rebase to 1.8.5 rhbz1276914 ---- python-django-1.8.4-1.fc23 - Do not install bash completion for python executables Ville Skytta, rhbz1253076 - CVE-2015-5963 Denial-of-service possibility in logout view by filling session store rhbz1254911 - CVE-2015-5964...
Ubuntu: Security Advisory (USN-2915-1)
The remote host is missing an update for the...
SUSE-SU-2016:0044-1 Security update for python-Django
This update fixes the following security issues: - bnc955412, CVE-2015-8213 Possible settings leak in date template filter - bnc937522, CVE-2015-5143 Possible denial-of-service in session store - bnc937523, CVE-2015-5144 Possible Header injection - bnc941587, CVE-2015-5963 Possible...