Debian Security Advisory
DLA-649-1 python-django -- LTS security update
- Date Reported:
- 06 Oct 2016
- Affected Packages:
- python-django
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-7401.
- More information:
-
It was discovered that there was a possible CSRF protection bypass on sites that use Google Analytics in python-django, a High-level Python web development framework.
More information can be found in the upstream announcement:
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
For Debian 7
Wheezy
, this issue has been fixed in python-django version 1.4.22-1+deb7u1.We recommend that you upgrade your python-django packages.