python-django was updated to 1.6.11 to fix security issues and non-security bugs.
THe following vulnerabilities were fixed:
* Made is_safe_url() reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc#923176, CVE-2015-2317)
* Fixed an infinite loop possibility in strip_tags() (bnc#923172, CVE-2015-2316)
* WSGI header spoofing via underscore/dash conflation (bnc#913053, CVE-2015-0219)
* Mitigated possible XSS attack via user-supplied redirect URLs
* Denial-of-service attack against ``django.views.static.serve`` (bnc#913056, CVE-2015-0221)
* Database denial-of-service with ``ModelMultipleChoiceField`` (bnc#913055, CVE-2015-0222)
The update also contains fixes for non-security bugs, functional and stability issues.
- Submitted by Bernhard Wiedemann (bmwiedemann)