Paketname
python-django
Datum
2013-08-23
Advisory ID
MDVSA-2013:218
Betroffene Versionen
MES5 i586 , MES5 x86_64

Problembeschreibung

Updated python-django package fixes security vulnerability:

The is_safe_url() function has been modified to properly recognize
and reject URLs which specify a scheme other than HTTP or HTTPS,
to prevent cross-site scripting attacks through redirecting to other
schemes, such as javascript. (CVE-2013-4249).

Aktualisierte Pakete

MES5 i586

 af93d44d1a039b04b96bb52878d3f96c  mes5/i586/python-django-1.3.7-0.1mdvmes5.2.noarch.rpm 
 2c4655390685d6c6d4c69b53b95f434f  mes5/SRPMS/python-django-1.3.7-0.1mdvmes5.2.src.rpm

MES5 x86_64

 45e29127045c0011af5fce04e5d168c2  mes5/x86_64/python-django-1.3.7-0.1mdvmes5.2.noarch.rpm 
 2c4655390685d6c6d4c69b53b95f434f  mes5/SRPMS/python-django-1.3.7-0.1mdvmes5.2.src.rpm

Referenzen