[ubuntu/xenial-security] python-django 1.8.7-1ubuntu5.13 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jun 3 11:24:21 UTC 2020
python-django (1.8.7-1ubuntu5.13) xenial-security; urgency=medium
* SECURITY UPDATE: Potential data leakage via malformed memcached keys
- debian/patches/CVE-2020-13254.patch: enforced cache key validation in
memcached backends in django/core/cache/__init__.py,
django/core/cache/backends/base.py,
django/core/cache/backends/memcached.py, tests/cache/tests.py.
- CVE-2020-13254
* SECURITY UPDATE: Possible XSS via admin ForeignKeyRawIdWidget
- debian/patches/CVE-2020-13596.patch: fixed potential XSS in admin
ForeignKeyRawIdWidget in django/contrib/admin/widgets.py.
- CVE-2020-13596
Date: 2020-05-29 12:36:21.019179+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.13
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list