Bug 23377 - python-django new security issue CVE-2018-14574
Summary: python-django new security issue CVE-2018-14574
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Python Stack Maintainers
QA Contact: Sec team
Reported: 2018-08-02 14:01 CEST by David Walser
Modified: 2018-08-25 14:45 CEST

Source RPM: python-django-1.11.13-1.mga7.src.rpm

Description David Walser 2018-08-02 14:01:39 CEST
Upstream has issued an advisory on August 1:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/

The issue is fixed upstream in 1.11.15.

I don't know if older versions are affected (like 1.8.x in Mageia 6) because they're no longer supported upstream.
Comment 1 Marja Van Waes 2018-08-02 14:24:19 CEST
Assigning to the Python stack maintainers.

CC: (none) => marja11
Assignee: bugsquad => python

Comment 2 David Walser 2018-08-02 15:49:38 CEST
Ubuntu has issued an advisory for this on August 1:
https://usn.ubuntu.com/3726-1/

From their notes on the CVE, it sounds like 1.8.x is not affected:
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14574.html
Comment 3 Philippe Makowski 2018-08-25 13:32:20 CEST
Updated in Cauldron.

CC: (none) => makowski.mageia

Comment 4 David Walser 2018-08-25 14:45:20 CEST
Fixed in python-django-1.11.15-1.mga7.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

