SUSE-SU-2015:0695-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0695-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2015:0695-1

Related

Published

2014-09-03T15:51:02Z

Modified

2014-09-03T15:51:02Z

Summary

Security update for python-django

Details

python-django was updated to 1.5.10 fixing bugs and security issues:

* Prevented reverse() from generating URLs pointing to other hosts to
  prevent phishing attacks. (bnc#893087, CVE-2014-0480)
* Removed O(n) algorithm when uploading duplicate file names to fix
  file upload denial of service. (bnc#893088, CVE-2014-0481)
* Modified RemoteUserMiddleware to logout on REMOTE_USE change to
  prevent session hijacking. (bnc#893089, CVE-2014-0482)
* Prevented data leakage in contrib.admin via query string
  manipulation. (bnc#893090, CVE-2014-0483)

Security Issues:

* CVE-2014-0480
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0480>
* CVE-2014-0481
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0481>
* CVE-2014-0482
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0482>
* CVE-2014-0483
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0483>

References

SUSE-SU-2015:0695-1

Affected packages