AVG-233
Package | python-django, python2-django |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 1.10.3-2 |
Fixed | 1.11-1 |
Current | 5.1.2-1 [extra] |
Ticket | None |
Created | Wed Apr 5 18:16:56 2017 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2017-7234 | Medium | Yes | Open redirect | A maliciously crafted URL to a Django site using the serve() view could redirect to any other domain. The view no longer does any redirects as they don’t... |
CVE-2017-7233 | Medium | Yes | Cross-site scripting | Django relies on user input in some cases (e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an “on success” URL. The security check... |
Date | Advisory | Package | Type |
---|---|---|---|
06 Apr 2017 | ASA-201704-2 | python-django | multiple issues |
06 Apr 2017 | ASA-201704-1 | python2-django | multiple issues |
References |
---|
https://docs.djangoproject.com/en/dev/releases/1.11 |