Security Information / 2019 / Security Information -- DSA-4476-1 python-django

Debian Security Advisory

DSA-4476-1 python-django -- security update

Date Reported:

05 Jul 2019

Affected Packages:

python-django

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2019-6975, CVE-2019-12308, CVE-2019-12781.

More information:

Three security issues were found in Django, a Python web development framework, which could result in denial of service, incomplete sanitisation of clickable links or missing redirects of HTTP requests to HTTPS.

For the stable distribution (stretch), these problems have been fixed in version 1:1.10.7-2+deb9u5.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-django