python-django: security bump to version 1.7.3
author Gustavo Zacarias <gustavo@zacarias.com.ar>
Wed, 14 Jan 2015 18:21:44 +0000 (15:21 -0300)
committer Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Wed, 14 Jan 2015 18:26:12 +0000 (19:26 +0100)
commit 23ed2cf2dc85f98412862c66766f9aaeee23621e
tree 14cdbda598576dc1f75a00d519fae1edb9fe6805
parent 6952e32f37ea58e3861f89fc687c230c3d4742d1
python-django: security bump to version 1.7.3

Fixes:

CVE-2015-0219 - incorrectly handled underscores in WSGI headers. A
remote attacker could possibly use this issue to spoof headers in
certain environments.

CVE-2015-0220 - incorrectly handled user-supplied redirect URLs. A
remote attacker could possibly use this issue to perform a cross-site
scripting attack.

CVE-2015-0221 - incorrectly handled reading files in
django.views.static.serve(). A remote attacker could possibly use this
issue to cause Django to consume resources, resulting in a denial of
service.

CVE-2015-0222 - incorrectly handled forms with ModelMultipleChoiceField.
A remote attacker could possibly use this issue to cause a large number
of SQL queries, resulting in a database denial of service.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/python-django/python-django.hash
package/python-django/python-django.mk