MGASA-2013-0076
| Date: | March 1st, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Updated python-django packages fix security vulnerabilities:
Orange Tsai discovered that the bundled administrative interface of
djangocould expose supposedly-hidden info rmation via its history log
(CVE-2013-0305).
Mozilla discovered that an attacker can abuse django's tracking of the
number of forms in a formset to cause a denial-of-service attack due to
extreme memory consumption (CVE-2013-0306).
Updated Packages:
i586:
python-django-1.3.7-1.mga2.noarch.rpm
x86_64:
python-django-1.3.7-1.mga2.noarch.rpm
SRPMS:
python-django-1.3.7-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0306
https://www.djangoproject.com/weblog/2013/feb/19/security/
http://www.debian.org/security/2013/dsa-2634
https://bugs.mageia.org/show_bug.cgi?id=9189
