[ubuntu/xenial-security] python-django 1.8.7-1ubuntu5.5 (Accepted)

Marc Deslauriers Tue, 04 Apr 2017 10:01:30 -0700

python-django (1.8.7-1ubuntu5.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Open redirect and possible XSS attack via
    user-supplied numeric redirect URLs
    - debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
      URLs in django/utils/http.py, added tests to
      tests/utils_tests/test_http.py.
    - CVE-2017-7233
  * SECURITY UPDATE: Open redirect vulnerability in
    django.views.static.serve()
    - debian/patches/CVE-2017-7234.patch: remove redirect from
      django/views/static.py.
    - CVE-2017-7234


Date: 2017-03-29 13:24:14.014529+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.5

Sorry, changesfile not available.

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] python-django 1.8.7-1ubuntu5.5 (Accepted)

Reply via email to