Bug 16607

Ubuntu has issued an advisory for this on August 18:
http://www.ubuntu.com/usn/usn-2720-1/

URL: (none) => http://lwn.net/Vulnerabilities/654999/

Advisory:
========================

Updated python-django and python-django14 packages fix security
vulnerabilities:
Lin Hua Cheng discovered that Django incorrectly handled the session store.
A remote attacker could use this issue to cause the session store to fill
up, resulting in a denial of service.

References:
https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
http://www.ubuntu.com/usn/usn-2720-1/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5964

Mageia 5 :

Update packages :

python-django-doc-1.8.4-1.mga5.noarch.rpm
python-django-1.8.4-1.mga5.noarch.rpm
python3-django-1.8.4-1.mga5.noarch.rpm
python-django-bash-completion-1.8.4-1.mga5.noarch.rpm

From :
python-django-1.8.4-1.mga5.src.rpm

Mageia 4 :

Update packages :

python-django14-1.4.22-1.mga4.noarch.rpm

From :
python-django14-1.4.22-1.mga4.src.rpm

Assignee: makowski.mageia => qa-bugs

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=13251#c6

Version: Cauldron => 5
Whiteboard: MGA5TOO, MGA4TOO => MGA4TOO has_procedure

mga5 64 LANG=fr_FR.UTF-8

===========
Installed :
python-django-1.8.4-1.mga5.noarch.rpm
python-django-bash-completion-1.8.4-1.mga5.noarch.rpm

$ django-admin startproject mysite
$ cd mysite/
$ python manage.py runserver
Performing system checks...

System check identified no issues (0 silenced).

You have unapplied migrations; your app may not work properly until they are applied.
Run 'python manage.py migrate' to apply them.

August 24, 2015 - 20:53:41
Django version 1.8.4, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[24/Aug/2015 20:54:29] "GET / HTTP/1.1" 200 1767
[24/Aug/2015 20:54:30] "GET /favicon.ico HTTP/1.1" 404 1936
[24/Aug/2015 20:54:30] "GET /favicon.ico HTTP/1.1" 404 1936
^C

Test OK.
===========
Installed :
python3-django-1.8.4-1.mga5.noarch.rpm
python-django-bash-completion-1.8.4-1.mga5.noarch.rpm

$ python3-django-admin startproject mysite
$ cd mysite/
$ python3 manage.py runserver
Performing system checks...

System check identified no issues (0 silenced).

You have unapplied migrations; your app may not work properly until they are applied.
Run 'python manage.py migrate' to apply them.

August 24, 2015 - 21:05:43
Django version 1.8.4, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[24/Aug/2015 21:05:54] "GET / HTTP/1.1" 200 1767
[24/Aug/2015 21:05:58] "GET / HTTP/1.1" 200 1767
^C

Test OK.
===========

Update OK.

CC: (none) => yann.cantin
Whiteboard: MGA4TOO has_procedure => MGA4TOO has_procedure MGA5-64-OK

Testing MGA4 x64 (OK)

Having python & python-django14-1.4.21-1.mga4 already installed, updated the latter to:
 python-django14-1.4.22-1.mga4
and ran the test shown in
 https://bugs.mageia.org/show_bug.cgi?id=13251#c6      [thanks Claire]
just for the 1st part (I have Python3 installed, but this update applies just to django14 for Mageia 4).
Result OK.

CC: (none) => lewyssmith
Whiteboard: MGA4TOO has_procedure MGA5-64-OK => MGA4TOO has_procedure MGA5-64-OK MGA4-64-OK

Validating. Still needs an advisory to be uploaded.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Advisory uploaded.

Whiteboard: MGA4TOO has_procedure MGA5-64-OK MGA4-64-OK => MGA4TOO has_procedure MGA5-64-OK MGA4-64-OK advisory

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0327.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED