stable

python-django-1.8.7-1.fc23

FEDORA-2015-a8c8f60fbd created by mrunge 10 years ago for Fedora 23

This update fixes CVE-2015-8213: Fixed settings leak possibility in date template filter. More information can be found at https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-a8c8f60fbd

This update has been submitted for testing by mrunge.

10 years ago

This update has been pushed to testing.

10 years ago
enaut commented & provided feedback 10 years ago

I cannot reproduce the security flaw. I wrote a template containing only: {{ foo|date:bar }} and rendered it with: render(request, 'test.html', {'foo':datetime.date.today(), 'bar':'"SECRET_KEY"'}) But with Django 1.8.4 and with Django 1.8.7 I get the same desired result. So no karma for the fixes but for the release.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

10 years ago

This update has been submitted for stable by bodhi.

10 years ago
barracks510 commented & provided feedback 10 years ago

No regressions... Works for me.

This update has been pushed to stable.

10 years ago


Metadata
Type: security
Severity: medium
Karma: 2
Signed
Content Type: RPM
Test Gating

Autopush Settings
Unstable by Karma: -3
Stable by Karma: 2
Stable by Time: disabled

Dates
submitted: 10 years ago
in testing: 10 years ago
in stable: 10 years ago

BZ#1283553 CVE-2015-8213 python-django: Information leak through date template filter
BZ#1285278 CVE-2015-8213 python-django: Information leak through date template filter [fedora-all]
