AVG-35

Package python-django, python2-django
Status Fixed
Severity Medium
Type cross-site request forgery
Affected 1.9.9-1
Fixed 1.10.1-1
Current 2.0.6-1 [extra]
1.11.13-1 [extra]
Ticket None
Created Tue Sep 27 01:06:47 2016
Issue Severity Remote Type Description
CVE-2016-7401 Medium Yes Cross-site request forgery
Sergey Bobrov found a vulnerability where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary...
Date Advisory Package Description
21 Oct 2016 ASA-201610-13 python-django cross-site request forgery
21 Oct 2016 ASA-201610-12 python2-django cross-site request forgery
References
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/