Parent Directory | Revision Log
MGASA-2019-0035: python-django-1.8.19-1.1.mga6
1 | type: security |
2 | subject: Updated python-django packages fix security vulnerability |
3 | CVE: |
4 | - CVE-2019-3498 |
5 | src: |
6 | 6: |
7 | core: |
8 | - python-django-1.8.19-1.1.mga6 |
9 | description: | |
10 | An upstream patch has been backported to fix a security vulnerability in |
11 | python-django. CVE-2019-3498: Content spoofing possibility in the |
12 | default 404 page |
13 | |
14 | An attacker could craft a malicious URL that could make spoofed content |
15 | appear on the default page generated by the |
16 | django.views.defaults.page_not_found() view. The URL path is no longer |
17 | displayed in the default 404 template and the request_path context |
18 | variable is now quoted to fix the issue for custom templates that use |
19 | the path. |
20 | references: |
21 | - https://bugs.mageia.org/show_bug.cgi?id=24128 |
22 | - https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ |
23 | - https://security-tracker.debian.org/tracker/CVE-2019-3498 |
24 | ID: MGASA-2019-0035 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |