Advisories ยป MGASA-2019-0035

Updated python-django packages fix security vulnerability

Publication date: 11 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-3498


An upstream patch has been backported to fix a security vulnerability in
python-django. CVE-2019-3498: Content spoofing possibility in the
default 404 page

An attacker could craft a malicious URL that could make spoofed content
appear on the default page generated by the
django.views.defaults.page_not_found() view. The URL path is no longer
displayed in the default 404 template and the request_path context 
variable is now quoted to fix the issue for custom templates that use
the path.