FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

django -- multiple vulnerabilities

Affected packages
1.4	<=	py26-django	<	1.4.1
1.3	<=	py26-django	<	1.3.2
1.4	<=	py27-django	<	1.4.1
1.3	<=	py27-django	<	1.3.2
		py26-django-devel	<	20120731,1
		py27-django-devel	<	20120731,1

Details

VuXML ID	f01292a0-db3c-11e1-a84b-00e0814cab4e
Discovery	2012-07-30
Entry	2012-07-31
Modified	2014-04-30

The Django project reports:

Today the Django team is issuing multiple releases -- Django 1.3.2 and Django 1.4.1 -- to remedy security issues reported to us:

Cross-site scripting in authentication views

Denial-of-service in image validation

Denial-of-service via get_image_dimensions()

All users are encouraged to upgrade Django immediately.

[source]

References

CVE Name	CVE-2012-3442
CVE Name	CVE-2012-3443
CVE Name	CVE-2012-3444
URL	https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/