Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Tech ARP] The New Dell XPS 13 2-in-1 (9365) Laptop Revealed!

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

 

Package : python-django

Version : 1.4.22-1+deb7u3

CVE ID : CVE-2017-7233, CVE-2017-7234

Debian Bug : #859515, #859516

 

It was discovered that there were two vulnerabilities in python-django, a

high-level Python web development framework.

 

CVE-2017-7233 (#859515): Open redirect and possible XSS attack via

user-supplied numeric redirect URLs. Django relies on user input in some cases

(e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an

"on success" URL. The security check for these redirects (namely is_safe_url())

considered some numeric URLs (e.g. http:999999999) "safe" when they shouldn't

be. Also, if a developer relied on is_safe_url() to provide safe redirect

targets and puts such a URL into a link, they could suffer from an XSS attack.

 

CVE-2017-7234 (#895516): Open redirect vulnerability in

django.views.static.serve; A maliciously crafted URL to a Django site using the

serve() view could redirect to any other domain. The view no longer does any

redirects as they don't provide any known, useful functionality.

 

For Debian 7 "Wheezy", this issue has been fixed in python-django version

1.4.22-1+deb7u3.

 

We recommend that you upgrade your python-django packages.

 

 

Regards,

 

- --

,''`.

: :' : Chris Lamb

`. `'` lamby ( -at -) debian.org / chris-lamb.co.uk

`-

 

-----BEGIN PGP SIGNATURE-----

 

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAljksoIACgkQHpU+J9Qx

Hlj41RAAnngRzpAXXiIi5tB3ZcFwPLFCFtDwZXtmlphEZbY0EnRFNEnGFojdvUQ+

FDqN17xFmVZmn3fcdaOK2Z1+2e7P7+aeqri4B/hkmMgCm0lSNd1Hgxz3vaAOJLBy

UoPglnS6QnDKKECXZf3XBPGPAne71gjTMZYj5i6TR50N48fusuYGipAikgzmdv4U

uVMCTtXb/SkuHBEd8f0PgSpU3j0X7wO/mJDuXmdWyV8DG6sEiHU+qxLBZ5xVTaiU

3M+LxtW/bJaITo23ZWhhi/y3FBjYreGDTn3H39Uaj2HiUv1MbqVZPADX2J5sKJR+

DtjiaeM6nwofl6txrwze5vsZiO2NyZ64UP8QvnywBlzyyPunKHAfrpAeMNtO0K1A

UquhJhh/bRaLdC8vZt/+Ea9oc9cka5zAQIS/izYgSuy0X9sx0qEDi9i64MFMsmFn

Lp8Fw9kI06NvaNJ2sqigmBnBIy3bO6R6CvYRuWDRicb9WHwXXUaplEhMVE4RWUWD

iw7aOp6RSbWyOQK9DuPEtLhdPv02K5LE29U0LUtGlO8Q9gBtSgiIoHvDa/C8cUfs

Osq/gxjHt4kAhWa/Xe+Q9nGsenxRYnPRNX6AKrR0aIGZtHnA0LO7NP//i9VY62oa

MSdUShCgu0r5gYVM3pBJxPFJNLrC6U0RGIR9rVGDqnBhT5moNpk=

=cKLV

-----END PGP SIGNATURE-----

 

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×