From 23ed2cf2dc85f98412862c66766f9aaeee23621e Mon Sep 17 00:00:00 2001 From: Gustavo Zacarias Date: Wed, 14 Jan 2015 15:21:44 -0300 Subject: python-django: security bump to version 1.7.3 Fixes: CVE-2015-0219 - incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. CVE-2015-0220 - incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. CVE-2015-0221 - incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. CVE-2015-0222 - incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni --- package/python-django/python-django.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'package/python-django/python-django.mk') diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk index fcfa406c7a..28f25bd272 100644 --- a/package/python-django/python-django.mk +++ b/package/python-django/python-django.mk @@ -4,7 +4,7 @@ # ################################################################################ -PYTHON_DJANGO_VERSION = 1.7.2 +PYTHON_DJANGO_VERSION = 1.7.3 PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz # The official Django site has an unpractical URL PYTHON_DJANGO_SITE = https://pypi.python.org/packages/source/D/Django/ -- cgit v1.2.3
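Review bot: the stat line shows only package/python-django/python-django.mk changed, so if this package carries a .hash file for Django-$(PYTHON_DJANGO_VERSION).tar.gz it needs the 1.7.3 checksum in the same commit, otherwise the download verification fails on the new tarball; if no hash file exists yet, a security bump covering four CVEs is a good moment to add one so the fetched source is integrity-checked. The version change itself (`-PYTHON_DJANGO_VERSION = 1.7.2` / `+PYTHON_DJANGO_VERSION = 1.7.3`) is the only edit the fixes require, and the commit message documents each CVE clearly.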