| Summary: | python-django new security issue CVE-2016-6186 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/694868/ | ||
| Whiteboard: | has_procedure MGA5-32-OK advisory | ||
| Source RPM: | python-django-1.8.13-1.mga6.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2016-07-19 02:09:32 CEST
David Walser
2016-07-19 02:09:46 CEST
Whiteboard: (none) => MGA5TOO

Debian has issued an advisory for this on July 18:
https://www.debian.org/security/2016/dsa-3622
David Walser
2016-07-19 18:18:48 CEST
URL: (none) => http://lwn.net/Vulnerabilities/694868/

Updated packages uploaded for Mageia 5 and Cauldron.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=13251#c6

Advisory:
========================

Updated python-django packages fix security vulnerability:

It was discovered that Django is prone to a cross-site scripting vulnerability in the admin's add/change related popup (CVE-2016-6186).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6186
https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
https://www.debian.org/security/2016/dsa-3622
========================

Updated packages in core/updates_testing:
========================
python-django-1.8.14-1.mga5
python-django-bash-completion-1.8.14-1.mga5
python3-django-1.8.14-1.mga5
python-django-doc-1.8.14-1.mga

from python-django-1.8.14-1.mga5.src.rpm

Version: Cauldron => 5

MGA5-32 on Acer D620 Xfce
No installation issues
Used procedure as per bug 13251 Comment 6 and 13
at CLI as normal user

```
$ django-admin startproject mysite
$ cd mysite/
$ python manage.py runserver
Performing system checks...
System check identified no issues (0 silenced).
You have unapplied migrations; your app may not work properly until they are applied.
Run 'python manage.py migrate' to apply them.
August 12, 2016 - 13:28:23
Django version 1.8.14, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[12/Aug/2016 13:28:55] "GET / HTTP/1.1" 200 1767
[12/Aug/2016 13:28:55] "GET /favicon.ico HTTP/1.1" 404 1936
[12/Aug/2016 13:28:55] "GET /favicon.ico HTTP/1.1" 404 1936
```

django previous versions were installed on this laptop, so

```
$ python manage.py migrate
Operations to perform:
  Synchronize unmigrated apps: staticfiles, messages
  Apply all migrations: admin, contenttypes, auth, sessions
Synchronizing apps without migrations:
  Creating tables...
    Running deferred SQL...
  Installing custom SQL...
Running migrations:
  Rendering model states... DONE
  Applying contenttypes.0001_initial... OK
  Applying auth.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying sessions.0001_initial... OK
```

then

```
python manage.py runserver
Performing system checks...
System check identified no issues (0 silenced).
August 12, 2016 - 13:29:52
Django version 1.8.14, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[12/Aug/2016 13:30:01] "GET / HTTP/1.1" 200 1767
```

And I could access the page above.

CC: (none) => herman.viaene
Herman Viaene
2016-08-12 15:38:26 CEST
Whiteboard: has_procedure => has_procedure MGA5-32-OK
Dave Hodgins
2016-08-18 23:58:39 CEST
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0282.html

Status: NEW => RESOLVED