SUSE-SU-2015:0694-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0694-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2015:0694-1

Related

CVE-2015-2316
CVE-2015-2317

Published

2015-03-25T23:21:02Z

Modified

2015-03-25T23:21:02Z

Summary

Security update for python-Django

Details

python-Django has been updated to fix two vulnerabilities:

* URLs starting with control characters could have allowed XSS
  (cross-site-scripting) attacks via user-supplied redirect URLs
  (CVE-2015-2317)
* An infinite loop possibility could be triggered in the strip_tags()
  function, which allowed denial of service attacks (CVE-2015-2316)

Security Issues:

* CVE-2015-2316
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2316>
* CVE-2015-2317
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2317>

References

https://www.suse.com/support/update/announcement/2015/suse-su-20150694-1/
https://bugzilla.suse.com/923172
https://bugzilla.suse.com/923176
https://www.suse.com/security/cve/CVE-2015-2316
https://www.suse.com/security/cve/CVE-2015-2317

SUSE-SU-2015:0694-1

Affected packages