python-django-1.8.7-1.fc23
FEDORA-2015-a8c8f60fbd created by mrunge 6 years ago for Fedora 23
stable

This update fixes CVE-2015-8213: Fixed settings leak possibility in date template filter, more info can be found https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2015-a8c8f60fbd

This update has been submitted for testing by mrunge.

6 years ago

This update has been pushed to testing.

6 years ago
User Icon enaut commented & provided feedback 6 years ago
karma

I cannot reproduce the security flaw. I wrote a template containing only : { foo|date:bar }} and redered it with: render(request, 'test.html', {'foo':datetime.date.today(), 'bar':'"SECRET_KEY"'}) But with Django 1.8.4 and with Django 1.8.7 I get the same desired result. So no karma for the fixes but for the release.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for stable by bodhi.

6 years ago
User Icon barracks510 commented & provided feedback 6 years ago
karma

No regressions... Works for me.

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Builds
1
python-django-1.8.7-1.fc23
Settings
Unstable by Karma
-3
Stable by Karma
2
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1283553 CVE-2015-8213 python-django: Information leak through date template filter
0
0
BZ#1285278 CVE-2015-8213 python-django: Information leak through date template filter [fedora-all]
0
0

Automated Test Results

Copyright © 2007-2022 Red Hat, Inc. and others.

Running bodhi-server 6.0.0^202204150949gitd412e93 on bodhi-web-6-kmxvs.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy