python-django (1.8.7-1ubuntu5.5) xenial-security; urgency=medium
* SECURITY UPDATE: Open redirect and possible XSS attack via
user-supplied numeric redirect URLs
- debian/patches/CVE-2017-7233.patch: fix is_safe_url() with numeric
URLs in django/utils/http.py, added tests to
tests/utils_tests/test_http.py.
- CVE-2017-7233
* SECURITY UPDATE: Open redirect vulnerability in
django.views.static.serve()
- debian/patches/CVE-2017-7234.patch: remove redirect from
django/views/static.py.
- CVE-2017-7234
Date: 2017-03-29 13:24:14.014529+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.5
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes