MGASA-2017-0106: python-django-1.8.16-1.1.mga5
type: security
subject: Updated python-django packages fix security vulnerability
CVE:
 - CVE-2017-7233
 - CVE-2017-7234
src:
  5:
   core:
     - python-django-1.8.16-1.1.mga5
description: |
  It was discovered that Django incorrectly handled numeric redirect URLs. A
  remote attacker could possibly use this issue to perform XSS attacks, and
  to use a Django server as an open redirect. (CVE-2017-7233)

  Phithon Gong discovered that Django incorrectly handled certain URLs when
  the django.views.static.serve() view is being used. A remote attacker could
  possibly use a Django server as an open redirect. (CVE-2017-7234)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20628
 - https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
 - http://www.ubuntu.com/usn/usn-3254-1
ID: MGASA-2017-0106