Updated python-django package fix two vulnerabilities

2014-05-1922:53:32

Gentoo Foundation

advisories.mageia.org

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.005

Percentile

76.3%

JSON

Updated python-django and python-dgango14 packages fix security vulnerabilities: Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. An attacker may use this to retrieve private data or poison caches. This update removes workarounds for bugs in Internet Explorer 6 and 7 (CVE-2014-1418). Peter Kuma and Gavin Wahl discovered that Django did not correctly validate some malformed URLs, which are accepted by some browsers. An attacker may use this to cause unexpected redirects (CVE-2014-3730).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchpython-django< 1.4.13-1python-django-1.4.13-1.mga3
Mageia4noarchpython-django< 1.5.8-1python-django-1.5.8-1.mga4
Mageia4noarchpython-django14< 1.4.13-1python-django14-1.4.13-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	python-django	< 1.4.13-1	python-django-1.4.13-1.mga3
Mageia	4	noarch	python-django	< 1.5.8-1	python-django-1.5.8-1.mga4
Mageia	4	noarch	python-django14	< 1.4.13-1	python-django14-1.4.13-1.mga4