AVG-233

Package python-django, python2-django
Status Fixed
Severity Medium
Type multiple issues
Affected 1.10.3-2
Fixed 1.11-1
Current 1.11.10-1 [extra]
Ticket None
Created Wed Apr 5 18:16:56 2017
Issue Severity Remote Type Description
CVE-2017-7234 Medium Yes Open redirect
A maliciously crafted URL to a Django site using the serve() view could redirect to any other domain. The view no longer does any redirects as they don’t...
CVE-2017-7233 Medium Yes Cross-site scripting
Django relies on user input in some cases (e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an “on success” URL. The security check...
Date Advisory Package Description
06 Apr 2017 ASA-201704-2 python-django multiple issues
06 Apr 2017 ASA-201704-1 python2-django multiple issues
References
https://docs.djangoproject.com/en/dev/releases/1.11