advisories/20628.adv

type: security
subject: Updated python-django packages fix security vulnerability
CVE:
 - CVE-2017-7233
 - CVE-2017-7234
src:
  5:
   core:
     - python-django-1.8.16-1.1.mga5
description: |
  It was discovered that Django incorrectly handled numeric redirect URLs. A
  remote attacker could possibly use this issue to perform XSS attacks, and
  to use a Django server as an open redirect. (CVE-2017-7233)

  Phithon Gong discovered that Django incorrectly handled certain URLs when
  the jango.views.static.serve() view is being used. A remote attacker could
  possibly use a Django server as an open redirect. (CVE-2017-7234)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20628
 - https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
 - http://www.ubuntu.com/usn/usn-3254-1
ID: MGASA-2017-0106
1	type: security
2	subject: Updated python-django packages fix security vulnerability
3	CVE:
4	- CVE-2017-7233
5	- CVE-2017-7234
6	src:
7	5:
8	core:
9	- python-django-1.8.16-1.1.mga5
10	description: \|
11	It was discovered that Django incorrectly handled numeric redirect URLs. A
12	remote attacker could possibly use this issue to perform XSS attacks, and
13	to use a Django server as an open redirect. (CVE-2017-7233)
14
15	Phithon Gong discovered that Django incorrectly handled certain URLs when
16	the jango.views.static.serve() view is being used. A remote attacker could
17	possibly use a Django server as an open redirect. (CVE-2017-7234)
18	references:
19	- https://bugs.mageia.org/show_bug.cgi?id=20628
20	- https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
21	- http://www.ubuntu.com/usn/usn-3254-1
22	ID: MGASA-2017-0106