lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Nov 2015 17:32:31 +0000 From: Salvatore Bonaccorso <carnil@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 3404-1] python-django security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3404-1 security@...ian.org https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-django CVE ID : CVE-2015-8213 Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application's settings. For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.5-1+deb7u14. For the stable distribution (jessie), this problem has been fixed in version 1.7.7-1+deb8u3. For the unstable distribution (sid), this problem has been fixed in version 1.8.7-1. We recommend that you upgrade your python-django packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWVfAeAAoJEAVMuPMTQ89EDNoP/2vAxkuTyWOE/Wd3n44/pBNh KANS9oKRSvU7xXUvtyDNwhCOkQlv060yVyv3kr85L5WHspXCbmckLNpoXywwbd2m 4AHJEFeXI+YXtywx24VResVtOLzINyS1DE2qqfMqhlRJ7TCi8d/CwZM78/LICxHV OX6coza/acb0lKZs1Q/cPEaZDS9Tg+En+W3SaLRz9Lq7f5VMzSz9cJxH0gJcpehh pB//JH0C5VUSaN0owctFbYvxDl87NJhmYvMf6CSQqizBFVFXEQkkKgqcy5NFuO+7 wM3Xy7RsngetaOgD1pV84OljUS4xAenUNk2nh6fkcTIAaTfTx9SpK6JlsMQbkAdk p2LOU56GPSMRE181QuBORcUkKVYM3haAyHu8eYGqdm8iUU2rNpfVv8i3m5lQTg7h B8z742cp2j5RU9QHrZbOUiyYwSVpp1v9OUJk909kvGvjjHa3aTO3zi9OMR9GLebT p5MH/IhmnVX+gXZpBBmI+oCNufQ0Ajibm1cokmZZtZshndVPw/R5U4RSV566sKk8 +UXXD+upnjOaP6It1/yODQCZPEsnuZu9fju5D8hG3rO2xSOq+KBYrAJD+SWiihCJ slxKPXpjWA/SoroQH0OS79hpdEnW7WU6lFdR6u/jceE6EQgZrcLY6uowhpOCeQaj rds1cEMLt0FlLECVxTSm =Wyzd -----END PGP SIGNATURE-----
Powered by blists - more mailing lists