Bug 23377

Summary: python-django new security issue CVE-2018-14574
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Python Stack Maintainers <python>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: makowski.mageia, marja11
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: python-django-1.11.13-1.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2018-08-02 14:01:39 CEST
Upstream has issued an advisory on August 1:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/

The issue is fixed upstream in 1.11.15.

I don't know if older versions are affected (like 1.8.x in Mageia 6) because they're no longer supported upstream.

Comment 1 Marja Van Waes 2018-08-02 14:24:19 CEST
Assigning to the Python stack maintainers.

CC: (none) => marja11
Assignee: bugsquad => python

Comment 2 David Walser 2018-08-02 15:49:38 CEST
Ubuntu has issued an advisory for this on August 1:
https://usn.ubuntu.com/3726-1/

From their notes on the CVE, it sounds like 1.8.x is not affected:
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14574.html

Comment 3 Philippe Makowski 2018-08-25 13:32:20 CEST
Updated in Cauldron.

CC: (none) => makowski.mageia

Comment 4 David Walser 2018-08-25 14:45:20 CEST
Fixed in python-django-1.11.15-1.mga7.

Status: NEW => RESOLVED
Resolution: (none) => FIXED