1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3404-1] python-django security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Nov 25 18:40:04 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3404-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2015 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : python-django
    CVE ID : CVE-2015-8213

    Ryan Butterfield discovered a vulnerability in the date template filter
    in python-django, a high-level Python web development framework. A
    remote attacker can take advantage of this flaw to obtain any secret in
    the application's settings.

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 1.4.5-1+deb7u14.

    For the stable distribution (jessie), this problem has been fixed in
    version 1.7.7-1+deb8u3.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.8.7-1.

    We recommend that you upgrade your python-django packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJWVfAeAAoJEAVMuPMTQ89EDNoP/2vAxkuTyWOE/Wd3n44/pBNh KANS9oKRSvU7xXUvtyDNwhCOkQlv060yVyv3kr85L5WHspXCbmckLNpoXywwbd2m 4AHJEFeXI+YXtywx24VResVtOLzINyS1DE2qqfMqhlRJ7TCi8d/CwZM78/LICxHV OX6coza/acb0lKZs1Q/cPEaZDS9Tg+En+W3SaLRz9Lq7f5VMzSz9cJxH0gJcpehh pB//JH0C5VUSaN0owctFbYvxDl87NJhmYvMf6CSQqizBFVFXEQkkKgqcy5NFuO+7 wM3Xy7RsngetaOgD1pV84OljUS4xAenUNk2nh6fkcTIAaTfTx9SpK6JlsMQbkAdk p2LOU56GPSMRE181QuBORcUkKVYM3haAyHu8eYGqdm8iUU2rNpfVv8i3m5lQTg7h B8z742cp2j5RU9QHrZbOUiyYwSVpp1v9OUJk909kvGvjjHa3aTO3zi9OMR9GLebT p5MH/IhmnVX+gXZpBBmI+oCNufQ0Ajibm1cokmZZtZshndVPw/R5U4RSV566sKk8 +UXXD+upnjOaP6It1/yODQCZPEsnuZu9fju5D8hG3rO2xSOq+KBYrAJD+SWiihCJ slxKPXpjWA/SoroQH0OS79hpdEnW7WU6lFdR6u/jceE6EQgZrcLY6uowhpOCeQaj rds1cEMLt0FlLECVxTSm
    =Wyzd
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)