openSUSE:Maintenance:2992
File _patchinfo of Package patchinfo
<patchinfo>
  <issue id="893088" tracker="bnc">VUL-0: CVE-2014-0481: python-django: file upload denial of service</issue>
  <issue id="893089" tracker="bnc">VUL-0: CVE-2014-0482: python-django: RemoteUserMiddleware session hijacking</issue>
  <issue id="874956" tracker="bnc">VUL-0: CVE-2014-0474: python-django: MySQL typecasting</issue>
  <issue id="878641" tracker="bnc">VUL-0: CVE-2014-3730: python-django: django.util.http.is_safe_url function</issue>
  <issue id="893090" tracker="bnc">VUL-0: CVE-2014-0483: python-django: data leakage via querystring manipulation in admin</issue>
  <issue id="874950" tracker="bnc">VUL-0: CVE-2014-0472: python-django: unexpected code execution using reverse()</issue>
  <issue id="877993" tracker="bnc">VUL-0: CVE-2014-1418: python-django: Insecure redirects and cache poisoning</issue>
  <issue id="893087" tracker="bnc">VUL-0: CVE-2014-0480: python-django: reverse() can generate URLs pointing to other hosts, leading to phishing attacks</issue>
  <issue id="874955" tracker="bnc">VUL-0: CVE-2014-0473: python-django: caching of anonymous pages could reveal CSRF token</issue>
  <issue id="CVE-2014-1418" tracker="cve" />
  <issue id="CVE-2014-3730" tracker="cve" />
  <issue id="CVE-2014-0480" tracker="cve" />
  <issue id="CVE-2014-0481" tracker="cve" />
  <issue id="CVE-2014-0482" tracker="cve" />
  <issue id="CVE-2014-0483" tracker="cve" />
  <issue id="CVE-2014-0473" tracker="cve" />
  <issue id="CVE-2014-0472" tracker="cve" />
  <issue id="CVE-2014-0474" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>bmwiedemann</packager>
  <description>Python Django was updated to fix security issues and bugs.

Update to version 1.4.15 on openSUSE 12.3:
  + Prevented reverse() from generating URLs pointing to other hosts
    to prevent phishing attacks (bnc#893087, CVE-2014-0480)
  + Removed O(n) algorithm when uploading duplicate file names
    to fix file upload denial of service (bnc#893088, CVE-2014-0481)
  + Modified RemoteUserMiddleware to logout on REMOTE_USER change
    to prevent session hijacking (bnc#893089, CVE-2014-0482)
  + Prevented data leakage in contrib.admin via query string manipulation
    (bnc#893090, CVE-2014-0483)
  + Fixed: Caches may incorrectly be allowed to store and serve private data
    (bnc#877993, CVE-2014-1418)
  + Fixed: Malformed redirect URLs from user input not correctly validated
    (bnc#878641, CVE-2014-3730)
  + Fixed queries that may return unexpected results on MySQL due to typecasting
    (bnc#874956, CVE-2014-0474)
  + Prevented leaking the CSRF token through caching
    (bnc#874955, CVE-2014-0473)
  + Fixed a remote code execution vulnerability in URL reversing
    (bnc#874950, CVE-2014-0472)

Update to version 1.5.10 on openSUSE 13.1:
  + Prevented reverse() from generating URLs pointing to other hosts
    to prevent phishing attacks (bnc#893087, CVE-2014-0480)
  + Removed O(n) algorithm when uploading duplicate file names
    to fix file upload denial of service (bnc#893088, CVE-2014-0481)
  + Modified RemoteUserMiddleware to logout on REMOTE_USER change
    to prevent session hijacking (bnc#893089, CVE-2014-0482)
  + Prevented data leakage in contrib.admin via query string manipulation
    (bnc#893090, CVE-2014-0483)
- Update to version 1.5.8:
  + Fixed: Caches may incorrectly be allowed to store and serve private data
    (bnc#877993, CVE-2014-1418)
  + Fixed: Malformed redirect URLs from user input not correctly validated
    (bnc#878641, CVE-2014-3730)
  + Fixed queries that may return unexpected results on MySQL due to typecasting
    (bnc#874956, CVE-2014-0474)
  + Prevented leaking the CSRF token through caching
    (bnc#874955, CVE-2014-0473)
  + Fixed a remote code execution vulnerability in URL reversing
    (bnc#874950, CVE-2014-0472)
  </description>
  <summary>python-django: security and bugfix update</summary>
</patchinfo>