Source: python-django
Version: 1.9.2-1
Severity: important
Tags: security

Today Django published an advisory for 1.9.3 and 1.8.10.

I am investigating whether stable is affected; it is likely. 

https://www.djangoproject.com/weblog/2016/mar/01/security-releases/

CVE-2016-2512
> Malicious redirect and possible XSS attack via user-supplied redirect URLs
> containing basic auth

CVE-2016-2513
> User enumeration through timing difference on password hasher work factor
> upgrade

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
