Upstream issued an advisory on December 10:
Mandriva has issued an advisory for this today (December 19):
The oct/17 issue (CVE-2012-4520) we already fixed in October.
python-django-1.3.5-1.mga2 is in update testing
python-django-1.4.3-1.mga3 was already there
Updated python-django package fixes security vulnerability:
Host header and redirect poisoning vulnerabilities in python-django before
1.3.5 have been fixed.
Updated packages in core/updates_testing:
Previously tested with: https://docs.djangoproject.com/en/dev/intro/tutorial01/
I can't find any PoC so just checking the server starts with the tutorial
See also https://bugs.mageia.org/show_bug.cgi?id=7835#c5
Testing complete mga2 64.
Testing complete mga2 32
Advisory and SRPM in comment 3.
Could sysadmin please push from core/updates_testing to core/updates?
has_procedure mga2-64-OK => has_procedure mga2-64-OK mga2-32-OK
Update checked into Mageia 1 SVN.