FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

django -- multiple vulnerabilities

Affected packages
	py27-django	<	1.8.16
	py33-django	<	1.8.16
	py34-django	<	1.8.16
	py35-django	<	1.8.16
	py27-django18	<	1.8.16
	py33-django18	<	1.8.16
	py34-django18	<	1.8.16
	py35-django18	<	1.8.16
	py27-django19	<	1.9.11
	py33-django19	<	1.9.11
	py34-django19	<	1.9.11
	py35-django19	<	1.9.11
	py27-django110	<	1.10.3
	py33-django110	<	1.10.3
	py34-django110	<	1.10.3
	py35-django110	<	1.10.3

Details

VuXML ID	cb116651-79db-4c09-93a2-c38f9df46724
Discovery	2016-11-01
Entry	2016-11-02

The Django project reports:

Today the Django team released Django 1.10.3, Django 1.9.11, and 1.8.16. These releases addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

User with hardcoded password created when running tests on Oracle

DNS rebinding vulnerability when DEBUG=True

[source]

References

CVE Name	CVE-2016-9013
CVE Name	CVE-2016-9014
URL	https://www.djangoproject.com/weblog/2016/nov/01/security-releases/