Upstream has issued an advisory on August 1: https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ The issue is fixed upstream in 1.11.15. I don't know if older versions are affected (like 1.8.x in Mageia 6) because they're no longer supported upstream.
Assigning to the Python stack maintainers.
CC: (none) => marja11Assignee: bugsquad => python
Ubuntu has issued an advisory for this on August 1: https://usn.ubuntu.com/3726-1/ From their notes on the CVE, it sounds like 1.8.x is not affected: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14574.html
updated in cauldron
CC: (none) => makowski.mageia
Fixed in python-django-1.11.15-1.mga7.
Status: NEW => RESOLVEDResolution: (none) => FIXED