AVG-233

| Package | python-django, python2-django |
|---|---|
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.10.3-2 |
| Fixed | 1.11-1 |
| Current | 5.1.14-2 [extra] |
| Ticket | None |
| Created | Wed Apr 5 18:16:56 2017 |

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-7234 | Medium | Yes | Open redirect | A maliciously crafted URL to a Django site using the serve() view could redirect to any other domain. The view no longer does any redirects as they don’t... |
| CVE-2017-7233 | Medium | Yes | Cross-site scripting | Django relies on user input in some cases (e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an “on success” URL. The security check... |

| Date | Advisory | Package | Type |
|---|---|---|---|
| 06 Apr 2017 | ASA-201704-2 | python-django | multiple issues |
| 06 Apr 2017 | ASA-201704-1 | python2-django | multiple issues |

| References |
|---|
| https://docs.djangoproject.com/en/dev/releases/1.11 |