Python Django was updated to fix security issues and bugs.
Update to version 1.4.15 on openSUSE 12.3:
+ Prevented reverse() from generating URLs pointing to other hosts
to prevent phishing attacks (bnc#893087, CVE-2014-0480)
+ Removed O(n) algorithm when uploading duplicate file names
to fix file upload denial of service (bnc#893088, CVE-2014-0481)
+ Modified RemoteUserMiddleware to log out on REMOTE_USER change
to prevent session hijacking (bnc#893089, CVE-2014-0482)
+ Prevented data leakage in contrib.admin via query string manipulation
(bnc#893090, CVE-2014-0483)
+ Fixed: Caches may incorrectly be allowed to store and serve private data
(bnc#877993, CVE-2014-1418)
+ Fixed: Malformed redirect URLs from user input not correctly validated
(bnc#878641, CVE-2014-3730)
+ Fixed queries that may return unexpected results on MySQL
due to typecasting (bnc#874956, CVE-2014-0474)
+ Prevented leaking the CSRF token through caching
(bnc#874955, CVE-2014-0473)
+ Fixed a remote code execution vulnerability in URL reversing
(bnc#874950, CVE-2014-0472)
Update to version 1.5.10 on openSUSE 13.1:
+ Prevented reverse() from generating URLs pointing to other hosts
to prevent phishing attacks (bnc#893087, CVE-2014-0480)
+ Removed O(n) algorithm when uploading duplicate file names
to fix file upload denial of service (bnc#893088, CVE-2014-0481)
+ Modified RemoteUserMiddleware to log out on REMOTE_USER change
to prevent session hijacking (bnc#893089, CVE-2014-0482)
+ Prevented data leakage in contrib.admin via query string manipulation
(bnc#893090, CVE-2014-0483)
- Update to version 1.5.8:
+ Fixed: Caches may incorrectly be allowed to store and serve private data
(bnc#877993, CVE-2014-1418)
+ Fixed: Malformed redirect URLs from user input not correctly validated
(bnc#878641, CVE-2014-3730)
+ Fixed queries that may return unexpected results on MySQL
due to typecasting (bnc#874956, CVE-2014-0474)
+ Prevented leaking the CSRF token through caching
(bnc#874955, CVE-2014-0473)
+ Fixed a remote code execution vulnerability in URL reversing
(bnc#874950, CVE-2014-0472)
- Submitted by Bernhard Wiedemann (bmwiedemann)