MGASA-2014-0231

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2014-0231.html
Import Source
https://advisories.mageia.org/MGASA-2014-0231.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0231
Related
Published
2014-05-19T18:53:32Z
Modified
2014-05-19T18:52:56Z
Summary
Updated python-django package fix two vulnerabilities
Details

Updated python-django and python-dgango14 packages fix security vulnerabilities:

Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. An attacker may use this to retrieve private data or poison caches. This update removes workarounds for bugs in Internet Explorer 6 and 7 (CVE-2014-1418).

Peter Kuma and Gavin Wahl discovered that Django did not correctly validate some malformed URLs, which are accepted by some browsers. An attacker may use this to cause unexpected redirects (CVE-2014-3730).

References
Credits

Affected packages

Mageia:4 / python-django

Package

Name
python-django
Purl
pkg:rpm/mageia/python-django?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.8-1.mga4

Ecosystem specific 

{
    "section": "core"
}

Mageia:4 / python-django14

Package

Name
python-django14
Purl
pkg:rpm/mageia/python-django14?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.13-1.mga4

Ecosystem specific 

{
    "section": "core"
}

Mageia:3 / python-django

Package

Name
python-django
Purl
pkg:rpm/mageia/python-django?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.13-1.mga3

Ecosystem specific 

{
    "section": "core"
}