Advisories » MGASA-2015-0463

Updated python-django packages fix security vulnerability

Publication date: 04 Dec 2015
Modification date: 04 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8213

Description

If an application allows users to specify an unvalidated format for dates
and passes this format to the date filter, then a malicious user could
obtain any secret in the application's settings by specifying a settings
key instead of a date format (CVE-2015-8213).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17215
• https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
• http://www.ubuntu.com/usn/usn-2816-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8213

SRPMS

5/core

• python-django-1.8.7-1.mga5