Debian Security Advisory
DLA-649-1 python-django -- LTS security update
- Date Reported:
- 06 Oct 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-7401.
- More information:
It was discovered that there was a possible CSRF protection bypass on sites that use Google Analytics in python-django, a High-level Python web development framework.
More information can be found in the upstream announcement:
For Debian 7
Wheezy, this issue has been fixed in python-django version 1.4.22-1+deb7u1.
We recommend that you upgrade your python-django packages.