This bug was fixed in the package python-django - 1.8.7-1ubuntu3 --------------- python-django (1.8.7-1ubuntu3) xenial; urgency=medium
* SECURITY REGRESSION: is_safe_url() with non-unicode url (LP: #1553251) - debian/patches/CVE-2016-2512-regression.patch: force url to unicode in django/utils/http.py, added test to tests/utils_tests/test_http.py. - CVE-2016-2512 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Fri, 04 Mar 2016 11:03:43 -0500 ** Changed in: python-django (Ubuntu Xenial) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2512 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1553251 Title: USN-2915-1 introduced a regression in is_safe_url() To manage notifications about this bug go to: https://bugs.launchpad.net/django/+bug/1553251/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs