Advisories » MGASA-2014-0366

Updated python-django packages fix multiple vulnerabilities

Publication date: 05 Sep 2014
Modification date: 05 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0480 , CVE-2014-0481 , CVE-2014-0482 , CVE-2014-0483

Description

Updated python-django and python-django14 packages fix security vulnerabilities:

These releases address an issue with reverse() generating external URLs
(CVE-2014-0480); a denial of service involving file uploads  (CVE-2014-0481);
a potential session hijacking issue in the remote-user middleware
(CVE-2014-0482); and a data leak in the administrative interface
(CVE-2014-0483).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13963
• https://www.djangoproject.com/weblog/2014/aug/20/security/
• https://www.cve.org/CVERecord?id=CVE-2014-0480
• https://www.cve.org/CVERecord?id=CVE-2014-0481
• https://www.cve.org/CVERecord?id=CVE-2014-0482
• https://www.cve.org/CVERecord?id=CVE-2014-0483

SRPMS

3/core

• python-django-1.4.14-1.mga3

4/core

• python-django-1.5.9-1.mga4
• python-django14-1.4.14-1.3.mga4