[ MDVSA-2015:036 ] python-django

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:036
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : python-django
 Date    : February 6, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated python-django packages fix security vulnerabilities:
 
 Jedediah Smith discovered that Django incorrectly handled underscores
 in WSGI headers. A remote attacker could possibly use this issue to
 spoof headers in certain environments (CVE-2015-0219).
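
 The underscore handling behind CVE-2015-0219, shown as an added example that is not part of the advisory and is not Django's code. WSGI exposes each request header as an environ key by upper-casing the name and replacing hyphens with underscores, so two differently spelled headers can land on the same key. The function names and the sample request are constructed for illustration, and dropping underscore-named headers is shown as one mitigation.

```python
# Added illustration: names and sample data below are constructed,
# not taken from the advisory or from Django's source.

def wsgi_key(header_name):
    """Map an HTTP header name to its WSGI environ key (CGI convention)."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_environ(headers):
    """Naive mapping: on a key collision the later header silently wins."""
    environ = {}
    for name, value in headers:
        environ[wsgi_key(name)] = value
    return environ


def find_collisions(headers):
    """Return environ keys reached by more than one distinct header name."""
    seen = {}
    for name, _ in headers:
        seen.setdefault(wsgi_key(name), set()).add(name.lower())
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


def strip_underscore_headers(headers):
    """Mitigation: drop any header whose name contains an underscore
    before the names are normalised into environ keys."""
    return [(name, value) for name, value in headers if "_" not in name]


# Constructed request as seen by the application server.
SAMPLE = [
    ("Host", "app.example"),
    ("X-Auth-User", "alice"),  # set by the trusted front-end proxy
    ("X_Auth_User", "admin"),  # different spelling, same environ key
]

if __name__ == "__main__":
    # Both spellings collapse to HTTP_X_AUTH_USER; the application cannot
    # tell which header the value came from.
    print("naive environ   :", build_environ(SAMPLE)["HTTP_X_AUTH_USER"])
    print("collisions      :", find_collisions(SAMPLE))
    filtered = strip_underscore_headers(SAMPLE)
    print("after filtering :", build_environ(filtered)["HTTP_X_AUTH_USER"])
```

 `find_collisions` can also be run over logged request headers to flag requests that carry both spellings of a security-relevant header.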
 
 Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
 redirect URLs. A remote attacker could possibly use this issue to
 perform a cross-site scripting attack (CVE-2015-0220).
 
 Alex Gaynor discovered that Django incorrectly handled reading files
