Upstream has issued an advisory on April 4: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/ The issues are fixed in 1.8.18. Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Ubuntu has issued an advisory for this on April 4: https://www.ubuntu.com/usn/usn-3254-1/
Noted, I will upgrade mga5 and mga6 packages
Status: NEW => ASSIGNED
Again, because this morning's changes got lost: Copying Philippem's advisory etc from QA ml:
___________________________________________________________________________
python-django-1.8.16-1.1.mga5 in 5/core/updates_testing

packages :
python-django-1.8.16-1.1.mga5.noarch.rpm
python-django-bash-completion-1.8.16-1.1.mga5.noarch.rpm
python3-django-1.8.16-1.1.mga5.noarch.rpm
python-django-doc-1.8.16-1.1.mga5.noarch.rpm

from :
python-django-1.8.16-1.1.mga5.src.rpm

Advisory :
It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233)

Phithon Gong discovered that Django incorrectly handled certain URLs when the django.views.static.serve() view is being used. A remote attacker could possibly use a Django server as an open redirect. (CVE-2017-7234)

refs :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
http://www.ubuntu.com/usn/usn-3254-1
Assignee: makowski.mageia => qa-bugs
Whiteboard: MGA5TOO => (none)
Status: ASSIGNED => NEW
Version: Cauldron => 5
CC: (none) => makowski.mageia, marja11
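The first advisory item (CVE-2017-7233) is about redirect targets that the server-side safety check accepted but that a browser resolves to a different host. The following is an added example, not Django's own code and not part of this bug report: a standalone, deliberately conservative check for a user-supplied "next" URL, of the kind a login view needs before redirecting. The function name is_safe_redirect, the ALLOWED_HOSTS set and the host example.org are all assumptions; the sample inputs in the docstring, including the numeric form http:999999999 (my reading of what "numeric redirect URL" means in the advisory), are constructed test data.

```python
import re
from urllib.parse import urlparse

# Constructed example, not Django's code. ALLOWED_HOSTS is an assumed name;
# example.org is a placeholder for the hosts this site may redirect to.
ALLOWED_HOSTS = {"example.org"}

# Matches a colon before any "/", "?" or "#": something a browser will read
# as a scheme even when urlparse does not (e.g. "https:12345" on older Pythons).
_SCHEME_LIKE = re.compile(r"^[^/?#]*:")


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS, require_https=False):
    """Return True only for a plain relative path on this site or an absolute
    http(s) URL whose host is in `allowed_hosts`.

    Accepted:  "/accounts/profile/", "https://example.org/next"
    Rejected:  "", "http:999999999", "//evil.example/", "/\\evil.example/",
               "javascript:alert(1)", "http://evil.example/"
    Anything ambiguous is rejected, because the browser, not urlparse,
    decides where the user ends up.
    """
    if not url:
        return False
    # Browsers strip surrounding whitespace and control characters before
    # parsing; urlparse does not. A URL that changes under strip() is suspect.
    if url != url.strip() or any(ord(c) < 0x20 for c in url):
        return False
    # Chrome treats "\" like "/" in paths, so "/\host" is really "//host".
    # Check both spellings and require both to be safe.
    return all(_check_one(u, allowed_hosts, require_https)
               for u in (url, url.replace("\\", "/")))


def _check_one(url, allowed_hosts, require_https):
    parts = urlparse(url)
    scheme = parts.scheme.lower()
    # "http:999999999", "http:///host" and "javascript:..." all carry a scheme
    # (or something a browser will read as one) but no netloc for urlparse.
    # A browser turns that "path" into a host, so reject the whole class.
    if not parts.netloc and (scheme or _SCHEME_LIKE.match(url)):
        return False
    if scheme and scheme not in ("http", "https"):
        return False
    if require_https and scheme == "http":
        return False
    # Absolute URL: the host (not the raw netloc, which may carry userinfo
    # such as "example.org@evil.example") must be one we allow.
    if parts.netloc and (parts.hostname or "") not in allowed_hosts:
        return False
    return True
```

The design choice worth noting is that the check never tries to "fix" a URL; it answers a yes/no question and the caller falls back to a fixed default target on "no". That keeps the two parsers that matter (the server's and the browser's) from disagreeing about where a rejected URL would have gone.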
Tested as per https://bugs.mageia.org/show_bug.cgi?id=17860#c7 Advisory added to svn. Validating the update.
Keywords: (none) => validated_update
Whiteboard: (none) => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0106.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED