Security update for python-Django

python-django was updated to 1.6.11 to fix security issues and non-security bugs.

The following vulnerabilities were fixed:

* Made is_safe_url() reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc#923176, CVE-2015-2317)
* Fixed an infinite loop possibility in strip_tags() (bnc#923172, CVE-2015-2316)
* WSGI header spoofing via underscore/dash conflation (bnc#913053, CVE-2015-0219)
* Mitigated possible XSS attack via user-supplied redirect URLs
* Denial-of-service attack against ``django.views.static.serve`` (bnc#913056, CVE-2015-0221)
* Database denial-of-service with ``ModelMultipleChoiceField`` (bnc#913055, CVE-2015-0222)

The update also contains fixes for non-security bugs, functional and stability issues.
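
The WSGI header spoofing item above (CVE-2015-0219) comes from the CGI-style mapping of header names into the WSGI environ, where `-` and `_` both end up as `_`. The following is an added example, not code from Django or from this update; the header name `X-Auth-User`, the helper names and the sample request are hypothetical, and dropping header names that contain an underscore is shown as one mitigation.

```python
# Added example (not Django's code): how the CGI/WSGI key mapping conflates
# "-" and "_" in header names, and a filter that drops the ambiguous names.


def wsgi_key(header_name):
    """Map an HTTP header name to its WSGI environ key (CGI convention)."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def naive_environ(headers):
    """Build environ entries without any filtering of header names."""
    environ = {}
    for name, value in headers:
        # Two distinct header names can map to one key; the later one wins.
        environ[wsgi_key(name)] = value
    return environ


def filtered_environ(headers):
    """Drop every header whose name contains an underscore, then map."""
    environ = {}
    dropped = []
    for name, value in headers:
        if "_" in name:
            dropped.append(name)  # keep a record for logging/alerting
            continue
        environ[wsgi_key(name)] = value
    return environ, dropped


# Constructed sample request headers (hypothetical names and values).
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("X-Auth-User", "alice"),  # assumed to be set by a trusted front-end proxy
    ("X_Auth_User", "admin"),  # supplied by the client
]

if __name__ == "__main__":
    print("unfiltered:", naive_environ(SAMPLE_HEADERS)["HTTP_X_AUTH_USER"])
    env, dropped = filtered_environ(SAMPLE_HEADERS)
    print("filtered:  ", env["HTTP_X_AUTH_USER"], "dropped:", dropped)
```

An application that trusts `HTTP_X_AUTH_USER` sees the client-supplied value in the unfiltered case and the proxy-supplied value once underscore names are dropped.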

Fixed bugs

* bnc#923172: VUL-1: python-django,python-Django: CVE-2015-2316 Django: possible denial of service in strip_tags()
* bnc#913056: VUL-1: CVE-2015-0221: python-django: denial of service attack against django.views.static.serve
* bnc#913055: VUL-1: CVE-2015-0222: python-django: database denial of service with ModelMultipleChoiceField
* bnc#923176: VUL-1: python-django,python-Django: CVE-2015-2317 Django: possible XSS attack via user-supplied redirect URLs
* bnc#913053: VUL-1: CVE-2015-0219: python-django: WSGI header spoofing via underscore/dash conflation