Advisories ยป MGASA-2014-0366

Updated python-django packages fix multiple vulnerabilities

Publication date: 05 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0480 , CVE-2014-0481 , CVE-2014-0482 , CVE-2014-0483

Description

Updated python-django and python-django14 packages fix security vulnerabilities:

These releases address an issue with reverse() generating external URLs
(CVE-2014-0480); a denial of service involving file uploads  (CVE-2014-0481);
a potential session hijacking issue in the remote-user middleware
(CVE-2014-0482); and a data leak in the administrative interface
(CVE-2014-0483).
                

References

SRPMS

4/core

3/core