Package name
python-django
Date
2008-09-03
Advisory ID
MDVSA-2008:185
Affected versions
2008.0 i586 , 2007.1 i586 , 2008.0 x86_64 , 2008.1 x86_64 , 2008.1 i586 , 2007.1 x86_64

Problem description

A cross-site request forgery vulnerability was discovered in Django
that, if exploited, could be used to perform unrequested deletion or
modification of data. Updated versions of Django will now discard
posts from users whose sessions have expired, so data will need to
be re-entered in these cases (CVE-2008-3909).

The versions of Django shipping with Mandriva Linux have been updated
to the latest patched versions that include the fix for this issue.
In addition, they provide other bug fixes.

Updated packages

2008.0 i586

 b44c60bcbdfd6ae99460fabd6de4cffd  2008.0/i586/python-django-0.96.3-0.1mdv2008.0.noarch.rpm 
 ab14397d32e097129323453dc3fea45f  2008.0/SRPMS/python-django-0.96.3-0.1mdv2008.0.src.rpm

2007.1 i586

 38edd5a0e5521c3c1acfd19e51875ea9  2007.1/i586/python-django-0.95.4-0.1mdv2007.1.noarch.rpm 
 0380a1637f0796008dcd5c29a9c78182  2007.1/SRPMS/python-django-0.95.4-0.1mdv2007.1.src.rpm

2008.0 x86_64

 0edf0f10f8f23c326e97136ee2f53771  2008.0/x86_64/python-django-0.96.3-0.1mdv2008.0.noarch.rpm 
 ab14397d32e097129323453dc3fea45f  2008.0/SRPMS/python-django-0.96.3-0.1mdv2008.0.src.rpm

2008.1 x86_64

 7387677bee02518fa5ef9086b4bbf48b  2008.1/x86_64/python-django-0.96.3-0.1mdv2008.1.noarch.rpm 
 9f7363e6176cf979043fc514bde04697  2008.1/SRPMS/python-django-0.96.3-0.1mdv2008.1.src.rpm

2008.1 i586

 30efe5a9d7c66921dac5f7240b803728  2008.1/i586/python-django-0.96.3-0.1mdv2008.1.noarch.rpm 
 9f7363e6176cf979043fc514bde04697  2008.1/SRPMS/python-django-0.96.3-0.1mdv2008.1.src.rpm

2007.1 x86_64

 5b96616e028855ff7e5afa8f5c583c01  2007.1/x86_64/python-django-0.95.4-0.1mdv2007.1.noarch.rpm 
 0380a1637f0796008dcd5c29a9c78182  2007.1/SRPMS/python-django-0.95.4-0.1mdv2007.1.src.rpm

References