Source: python-django Version: 1.7.7-1 Severity: important Tags: security upstream patch
Hi, the following vulnerabilities were published for python-django. CVE-2016-9013[0]: User with hardcoded password created when running tests on Oracle CVE-2016-9014[1]: DNS rebinding vulnerability when DEBUG=True If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9013 [1] https://security-tracker.debian.org/tracker/CVE-2016-9014 [2] https://www.djangoproject.com/weblog/2016/nov/01/security-releases/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore