Overview
Request 292722 accepted
supersedes https://build.opensuse.org/request/show/292041
- update to 1.6.11
  * Made is_safe_url() reject URLs that start with control characters
    to mitigate possible XSS attack via user-supplied redirect URLs
    (bnc#923176, CVE-2015-2317)
  * Fixed an infinite loop possibility in strip_tags()
    (bnc#923172, CVE-2015-2316)
  * WSGI header spoofing via underscore/dash conflation
    (bnc#913053, CVE-2015-0219)
  * Mitigated possible XSS attack via user-supplied redirect URLs
  * Denial-of-service attack against ``django.views.static.serve``
    (bnc#913056, CVE-2015-0221)
  * Database denial-of-service with ``ModelMultipleChoiceField``
    (bnc#913055, CVE-2015-0222)
- Created by bmwiedemann
- In state accepted
Request History
bmwiedemann created request
maintbot added devel:languages:python as a reviewer
Submission by someone who is not maintainer in the devel project. Please review
maintbot accepted review
accepted
aplanas accepted review
LGTM
aplanas approved review
LGTM
AndreasStieger moved maintenance target to openSUSE:Maintenance:3665
AndreasStieger accepted request
ok