SUSE-SU-2015:0695-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150695-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0695-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0695-1
Related
Published
2014-09-03T15:51:02Z
Modified
2014-09-03T15:51:02Z
Summary
Security update for python-django
Details

python-django was updated to 1.5.10 fixing bugs and security issues:

* Prevented reverse() from generating URLs pointing to other hosts to
  prevent phishing attacks. (bnc#893087, CVE-2014-0480)
* Removed O(n) algorithm when uploading duplicate file names to fix
  file upload denial of service. (bnc#893088, CVE-2014-0481)
* Modified RemoteUserMiddleware to logout on REMOTE_USE change to
  prevent session hijacking. (bnc#893089, CVE-2014-0482)
* Prevented data leakage in contrib.admin via query string
  manipulation. (bnc#893090, CVE-2014-0483)

Security Issues:

* CVE-2014-0480
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0480>
* CVE-2014-0481
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0481>
* CVE-2014-0482
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0482>
* CVE-2014-0483
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0483>
References

Affected packages