python-django: security bump to version 1.7.3 - buildroot.git

diff options

author	Gustavo Zacarias <gustavo@zacarias.com.ar>	2015-01-14 15:21:44 -0300
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2015-01-14 19:26:12 +0100
commit	23ed2cf2dc85f98412862c66766f9aaeee23621e (patch)
tree	14cdbda598576dc1f75a00d519fae1edb9fe6805 /toolchain
parent	6952e32f37ea58e3861f89fc687c230c3d4742d1 (diff)

python-django: security bump to version 1.7.3

Fixes: CVE-2015-0219 - incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. CVE-2015-0220 - incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. CVE-2015-0221 - incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. CVE-2015-0222 - incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Diffstat (limited to 'toolchain')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: