Security: Multiple issues in python-django14
Name: Multiple issues in python-django14
ID: FEDORA-2015-0804
Distribution: Fedora
Platforms: Fedora 20
Date: Tue, 27 January 2015, 07:30
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0222
Applications: Django
Original message
Name        : python-django14
Product     : Fedora 20
Version     : 1.4.18
Release     : 1.fc20
URL         : http://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

--------------------------------------------------------------------------------
Update Information:

update to 1.4.18 fixing multiple CVEs
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 15 2015 Matthias Runge <mrunge@redhat.com> - 1.4.18-1
- update to 1.4.18 rhbz#1179672,1179675,1179679,1179685,1181940,1181944,1181947
* Mon Nov 17 2014 Matthias Runge <mrunge@redhat.com> - 1.4.16-1
- update to 1.4.16
* Mon Aug 25 2014 Matthias Runge <mrunge@redhat.com> - 1.4.14-1
- update to 1.4.14 fixing CVE-2014-0480 CVE-2014-0481 CVE-2014-0482, CVE-2014-0483
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 16 2014 Matthias Runge <mrunge@redhat.com> - 1.4.13-1
- update to 1.4.13 fixing CVE-2014-1418 (rhbz#1097936)
* Tue Apr 22 2014 Matthias Runge <mrunge@redhat.com> - 1.4.11-1
- update to 1.4.11 fixing CVE-2014-0473 and CVE-2014-0474
* Thu Apr 3 2014 Matthias Runge <mrunge@redhat.com> - 1.4.8-3
- fix file conflicts with other django packages
* Thu Mar 27 2014 Matthias Runge <mrunge@redhat.com> - 1.4.8-2
- Parallel installable version based on Toshio Kuratomis contribution
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1179672 - CVE-2015-0219 Django: WSGI header spoofing via underscore/dash conflation
      https://bugzilla.redhat.com/show_bug.cgi?id=1179672
[ 2 ] Bug #1179675 - CVE-2015-0220 Django: Mitigated possible XSS attack via user-supplied redirect URLs
      https://bugzilla.redhat.com/show_bug.cgi?id=1179675
[ 3 ] Bug #1179679 - CVE-2015-0221 Django: denial of service attack against django.views.static.serve
      https://bugzilla.redhat.com/show_bug.cgi?id=1179679
[ 4 ] Bug #1179685 - CVE-2015-0222 Django: database denial of service with ModelMultipleChoiceField
      https://bugzilla.redhat.com/show_bug.cgi?id=1179685
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update python-django14' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce