FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

django -- multiple vulnerabilities

Affected packages
	py27-django	<	1.8.18
	py33-django	<	1.8.18
	py34-django	<	1.8.18
	py35-django	<	1.8.18
	py36-django	<	1.8.18
	py27-django18	<	1.8.18
	py33-django18	<	1.8.18
	py34-django18	<	1.8.18
	py35-django18	<	1.8.18
	py36-django18	<	1.8.18
	py27-django19	<	1.9.13
	py33-django19	<	1.9.13
	py34-django19	<	1.9.13
	py35-django19	<	1.9.13
	py36-django19	<	1.9.13
	py27-django110	<	1.10.7
	py33-django110	<	1.10.7
	py34-django110	<	1.10.7
	py35-django110	<	1.10.7
	py36-django110	<	1.10.7

Details

VuXML ID	dc880d6c-195d-11e7-8c63-0800277dcc69
Discovery	2017-04-04
Entry	2017-04-04

Django team reports:

These release addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

Open redirect and possible XSS attack via user-supplied numeric redirect URLs

Open redirect vulnerability in django.views.static.serve()

[source]

References

CVE Name	CVE-2017-7233
CVE Name	CVE-2017-7234
URL	https://www.djangoproject.com/weblog/2017/apr/04/security-releases/