Updated python-django packages fix CVE-2013-4249
Publication date: 22 Aug 2013Modification date: 22 Aug 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4249
Description
Updated python-django package fixes security vulnerability: The is_safe_url() function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript. (CVE-2013-4249).
References
SRPMS
2/core
- python-django-1.3.7-1.1.mga2
3/core
- python-django-1.4.6-1.mga3