MDVSA-2008:185
- Package name
- python-django
- Date
- 2008-09-03
- Advisory ID
- MDVSA-2008:185
- Affected versions
- 2008.0 i586 , 2007.1 i586 , 2008.0 x86_64 , 2008.1 x86_64 , 2008.1 i586 , 2007.1 x86_64
Problem description
A cross-site request forgery vulnerability was discovered in Django
that, if exploited, could be used to perform unrequested deletion or
modification of data. Updated versions of Django will now discard
posts from users whose sessions have expired, so data will need to
be re-entered in these cases (CVE-2008-3909).
The versions of Django shipping with Mandriva Linux have been updated
to the latest patched versions that include the fix for this issue.
In addition, they provide other bug fixes.
Updated packages
2008.0 i586
b44c60bcbdfd6ae99460fabd6de4cffd 2008.0/i586/python-django-0.96.3-0.1mdv2008.0.noarch.rpm ab14397d32e097129323453dc3fea45f 2008.0/SRPMS/python-django-0.96.3-0.1mdv2008.0.src.rpm
2007.1 i586
38edd5a0e5521c3c1acfd19e51875ea9 2007.1/i586/python-django-0.95.4-0.1mdv2007.1.noarch.rpm 0380a1637f0796008dcd5c29a9c78182 2007.1/SRPMS/python-django-0.95.4-0.1mdv2007.1.src.rpm
2008.0 x86_64
0edf0f10f8f23c326e97136ee2f53771 2008.0/x86_64/python-django-0.96.3-0.1mdv2008.0.noarch.rpm ab14397d32e097129323453dc3fea45f 2008.0/SRPMS/python-django-0.96.3-0.1mdv2008.0.src.rpm
2008.1 x86_64
7387677bee02518fa5ef9086b4bbf48b 2008.1/x86_64/python-django-0.96.3-0.1mdv2008.1.noarch.rpm 9f7363e6176cf979043fc514bde04697 2008.1/SRPMS/python-django-0.96.3-0.1mdv2008.1.src.rpm
2008.1 i586
30efe5a9d7c66921dac5f7240b803728 2008.1/i586/python-django-0.96.3-0.1mdv2008.1.noarch.rpm 9f7363e6176cf979043fc514bde04697 2008.1/SRPMS/python-django-0.96.3-0.1mdv2008.1.src.rpm
2007.1 x86_64
5b96616e028855ff7e5afa8f5c583c01 2007.1/x86_64/python-django-0.95.4-0.1mdv2007.1.noarch.rpm 0380a1637f0796008dcd5c29a9c78182 2007.1/SRPMS/python-django-0.95.4-0.1mdv2007.1.src.rpm