Django is vulnerable to information disclosure through escalation of privileges. The admin interface does not check user permissions correctly for viewing object history.
rhn.redhat.com/errata/RHSA-2013-0670.html
ubuntu.com/usn/usn-1757-1
www.debian.org/security/2013/dsa-2634
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=913037
bugzilla.redhat.com/show_bug.cgi?id=913039
rhn.redhat.com/errata/RHSA-2013-0670.html
www.djangoproject.com/weblog/2013/feb/19/security/