Advisories » MGASA-2013-0256

Updated python-django packages fix CVE-2013-4249

Publication date: 22 Aug 2013
Modification date: 22 Aug 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4249

Description

Updated python-django package fixes security vulnerability:

The is_safe_url() function has been modified to properly recognize and reject
URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site
scripting attacks through redirecting to other schemes, such as javascript.
(CVE-2013-4249).
                

References

• https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued
• https://bugs.mageia.org/show_bug.cgi?id=10996
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4249

SRPMS

2/core

• python-django-1.3.7-1.1.mga2

3/core

• python-django-1.4.6-1.mga3