Source: python-django
Version: 1.7.1-1
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for python-django.

CVE-2015-0219[0]:
WSGI header spoofing via underscore/dash conflation

CVE-2015-0220[1]:
Mitigated possible XSS attack via user-supplied redirect URLs

CVE-2015-0221[2]:
Denial-of-service attack against django.views.static.serve

CVE-2015-0222[3]:
Database denial-of-service with ModelMultipleChoiceField

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-0219
[1] https://security-tracker.debian.org/tracker/CVE-2015-0220
[2] https://security-tracker.debian.org/tracker/CVE-2015-0221
[3] https://security-tracker.debian.org/tracker/CVE-2015-0222
[4] https://www.djangoproject.com/weblog/2015/jan/13/security/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore