[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 4264-1] python-django security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4264-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 05, 2018                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2018-14574

Andreas Hug discovered an open redirect in Django, a Python web
development framework, which is exploitable if
django.middleware.common.CommonMiddleware is used and the APPEND_SLASH
setting is enabled.

For the stable distribution (stretch), this problem has been fixed in
version 1:1.10.7-2+deb9u2.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltmzGgACgkQEMKTtsN8
TjbRCg/9EEHC2y1WWDUSFXX4Jr0oGnedUOAHzLf5IKPjTxpzidvvt+2GegujQAC8
OJ4x/VgcGaaxKdunLWlaQDYBzET8IVZsdU6WC2byFe/KqNp8aEox/xQYsR4UhEi/
pEWcJaufWCaNh0pV53P/iCRDxxPkc3YXb34HlUNofFy38eOgCAjf+AhtuqlcLUZS
w6Ve3Z/YqxaXvWq1GC5miSghnkTVje1irp7P2AejN1wcVLw1Qm3RvdOW9kqauH7K
c38vqRDFM1Erp4qFSPO+vby8XRHrd8AmNfDgOfhJ3oKJUDLM5gAbJEbOUrTFm5nT
2PZ21hjV0UxQR2y6KMQGVm2J1+tOCdLAifuMn8iIHroSTJ+aRm4S9s1P9VmB3sbE
+Nb6UncqF9juoyKNey1k2d1x3eEesuYWRciSkTlPEqMdf+dNlYvxMxRToBKAR392
5zi2FXB8jhxUxqrZtfLo0Pl2Y576J/Zx9Y/VRZoO6s41P0bYpzfubYZ9c6VX6cv+
QtCOe6qTgKES+OQAkF+sE0Mcy6VJ9vybpPXSN5KnKS+KOq/8qfQHJnKOvgZUyqN3
otlv6517B9REKGp/Uqw7fco+ojMDmMKAPhQLqGtU9oYWpiTjnQXfGL0tNEQJarH0
WtC67LYOKQ/ag49ckL4XssHn0vABITsVqbUTvRYeb+IttbZivOk=
=5lk8
-----END PGP SIGNATURE-----


Reply to: