Mageia alert MGASA-2013-0076 (python-django) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0076: python-django-1.3.7-1.mga2
 (2/core) 
Date:
    	       Fri, 1 Mar 2013 22:22:03 +0100
Message-ID:
    	       <20130301212203.GA28348@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0076
Date: 	March 1st, 2013
Affected releases: 	2
Media: 	Core


Description:
Updated python-django packages fix security vulnerabilities:

Orange Tsai discovered that the bundled administrative interface of
djangocould expose supposedly-hidden info rmation via its history log
(CVE-2013-0305).

Mozilla discovered that an attacker can abuse django's tracking of the
number of forms in a formset to cause a denial-of-service attack due to
extreme memory consumption (CVE-2013-0306).


Updated Packages:
i586:
python-django-1.3.7-1.mga2.noarch.rpm

x86_64:
python-django-1.3.7-1.mga2.noarch.rpm

SRPMS:
python-django-1.3.7-1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0306
https://www.djangoproject.com/weblog/2013/feb/19/security/
http://www.debian.org/security/2013/dsa-2634
https://bugs.mageia.org/show_bug.cgi?id=9189
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)