1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4264-1] python-django security update

    From Moritz Muehlenhoff@1:229/2 to All on Sun Aug 5 12:40:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4264-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 05, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : python-django
    CVE ID : CVE-2018-14574

    Andreas Hug discovered an open redirect in Django, a Python web
    development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH
    setting is enabled.

    For the stable distribution (stretch), this problem has been fixed in
    version 1:1.10.7-2+deb9u2.

    We recommend that you upgrade your python-django packages.

    For the detailed security status of python-django please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/python-django

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltmzGgACgkQEMKTtsN8 TjbRCg/9EEHC2y1WWDUSFXX4Jr0oGnedUOAHzLf5IKPjTxpzidvvt+2GegujQAC8 OJ4x/VgcGaaxKdunLWlaQDYBzET8IVZsdU6WC2byFe/KqNp8aEox/xQYsR4UhEi/ pEWcJaufWCaNh0pV53P/iCRDxxPkc3YXb34HlUNofFy38eOgCAjf+AhtuqlcLUZS w6Ve3Z/YqxaXvWq1GC5miSghnkTVje1irp7P2AejN1wcVLw1Qm3RvdOW9kqauH7K c38vqRDFM1Erp4qFSPO+vby8XRHrd8AmNfDgOfhJ3oKJUDLM5gAbJEbOUrTFm5nT 2PZ21hjV0UxQR2y6KMQGVm2J1+tOCdLAifuMn8iIHroSTJ+aRm4S9s1P9VmB3sbE +Nb6UncqF9juoyKNey1k2d1x3eEesuYWRciSkTlPEqMdf+dNlYvxMxRToBKAR392 5zi2FXB8jhxUxqrZtfLo0Pl2Y576J/Zx9Y/VRZoO6s41P0bYpzfubYZ9c6VX6cv+ QtCOe6qTgKES+OQAkF+sE0Mcy6VJ9vybpPXSN5KnKS+KOq/8qfQHJnKOvgZUyqN3 otlv6517B9REKGp/Uqw7fco+ojMDmMKAPhQLqGtU9oYWpiTjnQXfGL0tNEQJarH0 WtC67LYOKQ/ag49ckL4XssHn0vABITsVqbUTvRYeb+IttbZivOk=
    =5lk8
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)