Updated python-django packages fix multiple vulnerabilities
Publication date: 05 Sep 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483
Description
Updated python-django and python-django14 packages fix security vulnerabilities.

These releases address an issue with reverse() generating external URLs (CVE-2014-0480); a denial of service involving file uploads (CVE-2014-0481); a potential session hijacking issue in the remote-user middleware (CVE-2014-0482); and a data leak in the administrative interface (CVE-2014-0483).
References
- https://bugs.mageia.org/show_bug.cgi?id=13963
- https://www.djangoproject.com/weblog/2014/aug/20/security/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0480
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0481
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0482
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0483
SRPMS
3/core
- python-django-1.4.14-1.mga3
4/core
- python-django-1.5.9-1.mga4
- python-django14-1.4.14-1.3.mga4