Source: python-django
Version: 1.7.1-1
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for python-django.

CVE-2015-0219[0]: WSGI header spoofing via underscore/dash conflation
CVE-2015-0220[1]: Mitigated possible XSS attack via user-supplied redirect URLs
CVE-2015-0221[2]: Denial-of-service attack against django.views.static.serve
CVE-2015-0222[3]: Database denial-of-service with ModelMultipleChoiceField

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-0219
[1] https://security-tracker.debian.org/tracker/CVE-2015-0220
[2] https://security-tracker.debian.org/tracker/CVE-2015-0221
[3] https://security-tracker.debian.org/tracker/CVE-2015-0222
[4] https://www.djangoproject.com/weblog/2015/jan/13/security/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

