FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

django -- multiple vulnerabilities

Affected packages
1.6 <= py27-django < 1.6.6
1.5 <= py27-django15 < 1.5.9
1.4 <= py27-django14 < 1.4.14
1.6 <= py32-django < 1.6.6
1.5 <= py32-django15 < 1.5.9
1.6 <= py33-django < 1.6.6
1.5 <= py33-django15 < 1.5.9
1.6 <= py34-django < 1.6.6
1.5 <= py34-django15 < 1.5.9
py27-django-devel < 20140821,1
py32-django-devel < 20140821,1
py33-django-devel < 20140821,1
py34-django-devel < 20140821,1

Details

VuXML ID: 3c5579f7-294a-11e4-99f6-00e0814cab4e
Discovery: 2014-08-20
Entry: 2014-08-21

The Django project reports:

These releases address an issue with reverse() generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. We encourage all users of Django to upgrade as soon as possible.

References

CVE Name: CVE-2014-0480
CVE Name: CVE-2014-0481
CVE Name: CVE-2014-0482
CVE Name: CVE-2014-0483
URL: https://www.djangoproject.com/weblog/2014/aug/20/security/