1169 matches found

OSV
added 2015/04/03 1:11 p.m. | 5 views

MGASA-2015-0127 Updated python-django packages fix security vulnerabilities

Updated python-django and python-django14 packages fix security vulnerabilities: The ModelAdmin.readonly_fields attribute in the Django admin allows displaying model fields and model attributes. While the former were correctly escaped, the latter were not. Thus untrusted content could be injected...

CVSS 5 | AI score 5.5 | EPSS 0.02884 | Exploits 1 | References 4

Mageia
added 2015/04/03 1:11 p.m. | 37 views

Updated python-django packages fix security vulnerabilities

Updated python-django and python-django14 packages fix security vulnerabilities: The ModelAdmin.readonly_fields attribute in the Django admin allows displaying model fields and model attributes. While the former were correctly escaped, the latter were not. Thus untrusted content could be injected...

CVSS 5 | AI score 5.9 | EPSS 0.02884 | Exploits 1 | References 3

Tenable Nessus
added 2015/04/02 12:00 a.m. | 32 views

openSUSE Security Update : python-Django (openSUSE-2015-281)

python-django was updated to 1.6.11 to fix security issues and non-security bugs. The following vulnerabilities were fixed: - Made is_safe_url reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc#923176, CVE-2015-2317) - Fixed an infinite...

CVSS 5 | AI score 5.2 | EPSS 0.07842 | Exploits 2 | References 10

OSV
added 2015/03/30 9:04 a.m. | 12 views

SUSE-SU-2015:1112-1 Security update for python-Django

python-django was updated to 1.6.11 to fix security issues and non-security bugs. The following vulnerabilities were fixed: Made is_safe_url reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc#923176, CVE-2015-2317). Fixed an infinite loop...

CVSS 5 | AI score 6 | EPSS 0.07842 | Exploits 2 | References 11

OSV
added 2015/03/30 9:04 a.m. | 10 views

SUSE-SU-2015:1109-1 Security update for python-Django

python-django was updated to 1.6.11 to fix security issues and non-security bugs. The following vulnerabilities were fixed: Made is_safe_url reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc#923176, CVE-2015-2317). Fixed an infinite loop...

CVSS 5 | AI score 6 | EPSS 0.07842 | Exploits 2 | References 11

Tenable Nessus
added 2015/03/30 12:00 a.m. | 39 views

Mandriva Linux Security Advisory : python-django (MDVSA-2015:109)

Updated python-django packages fix security vulnerabilities: Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django...

CVSS 5 | AI score 5.7 | EPSS 0.07842 | Exploits 4 | References 9

Tenable Nessus
added 2015/03/26 12:00 a.m. | 39 views

Debian DLA-65-1 : python-django security update

This update addresses an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. http://www.freexian.com/services/debian-lts.html CVE-2014-0480 Django...

CVSS 6 | AI score 5.6 | EPSS 0.01121 | Exploits 1 | References 6

OSV
added 2015/03/25 11:21 p.m. | 6 views

SUSE-SU-2015:0694-1 Security update for python-Django

python-Django has been updated to fix two vulnerabilities: URLs starting with control characters could have allowed XSS (cross-site-scripting) attacks via user-supplied redirect URLs (CVE-2015-2317). An infinite loop possibility could be triggered in the strip_tags function, which allowed denial of...

CVSS 5 | AI score 5.9 | EPSS 0.02884 | Exploits 0 | References 5

Tenable Nessus
added 2015/03/25 12:00 a.m. | 30 views

Debian DSA-3204-1 : python-django - security update

Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack...

CVSS 4.3 | AI score 5.4 | EPSS 0.02884 | Exploits 0 | References 4

Debian
added 2015/03/24 7:30 p.m. | 45 views

[SECURITY] [DSA 3204-1] python-django security update

Debian Security Advisory DSA-3204-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 24, 2015 http://www.debian.org/security/faq ...

CVSS 4.3 | AI score 1.3 | EPSS 0.02884 | Exploits 0

Debian
added 2015/03/24 7:30 p.m. | 37 views

[SECURITY] [DSA 3204-1] python-django security update

Debian Security Advisory DSA-3204-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 24, 2015 http://www.debian.org/security/faq ...

CVSS 4.3 | AI score 5.7 | EPSS 0.02884 | Exploits 0

OpenVAS
added 2015/03/24 12:00 a.m. | 39 views

Debian Security Advisory DSA 3204-1 (python-django - security update)

Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack...

CVSS 4.3 | AI score 6 | EPSS 0.02884 | Exploits 0 | References 1

OpenVAS
added 2015/03/24 12:00 a.m. | 35 views

Ubuntu: Security Advisory (USN-2539-1)

The remote host is missing an update for the...

CVSS 5 | AI score 6.5 | EPSS 0.02884 | Exploits 0 | References 2

OSV
added 2015/03/24 12:00 a.m. | 11 views

DSA-3204-1 python-django - security update

Bulletin has no description...

CVSS 4.3 | AI score 6.1 | EPSS 0.02884 | Exploits 0

OpenVAS
added 2015/03/23 12:00 a.m. | 30 views

Debian: Security Advisory (DSA-3204-1)

The remote host is missing an update for the Debian...

CVSS 4.3 | AI score 6.5 | EPSS 0.02884 | Exploits 0 | References 3

Tenable Nessus
added 2015/03/19 12:00 a.m. | 9 views

Fedora 22 : python-django-1.8-0.6.b2.fc22 (2015-3727)

1.8b2 snapshot and security fix. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

AI score 5.4 | Exploits 0 | References 1

securityvulns
added 2015/02/23 12:00 a.m. | 73 views

[ MDVSA-2015:036 ] python-django

Mandriva Linux Security Advisory MDVSA-2015:036 http://www.mandriva.com/en/support/security/ Package: python-django Date: February 6, 2015 Affected: Business Server 1.0 Problem Description: Updated python-django packages fix security vulnerabilities...

CVSS 5 | AI score 5.9 | EPSS 0.07842 | Exploits 3

Tenable Nessus
added 2015/02/09 12:00 a.m. | 34 views

Mandriva Linux Security Advisory : python-django (MDVSA-2015:036)

Updated python-django packages fix security vulnerabilities: Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django...

CVSS 5 | AI score 5.2 | EPSS 0.07842 | Exploits 3 | References 5

OpenVAS
added 2015/02/05 12:00 a.m. | 36 views

Ubuntu: Security Advisory (USN-2469-2)

The remote host is missing an update for the...

CVSS 5 | AI score 6.4 | EPSS 0.07842 | Exploits 3 | References 3

Debian
added 2015/02/03 6:08 a.m. | 38 views

[SECURITY] [DSA 3151-1] python-django security update

Debian Security Advisory DSA-3151-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 03, 2015 http://www.debian.org/security/faq ...

CVSS 5 | AI score 6.5 | EPSS 0.07842 | Exploits 3