FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

django -- multiple vulnerabilities

Affected packages
1.4.0 <= py27-django < 1.4.21
1.4.0 <= py32-django < 1.4.21
1.4.0 <= py33-django < 1.4.21
1.4.0 <= py34-django < 1.4.21
1.7.0 <= py27-django < 1.7.9
1.7.0 <= py32-django < 1.7.9
1.7.0 <= py33-django < 1.7.9
1.7.0 <= py34-django < 1.7.9
1.8.0 <= py27-django < 1.8.3
1.8.0 <= py32-django < 1.8.3
1.8.0 <= py33-django < 1.8.3
1.8.0 <= py34-django < 1.8.3
py27-django-devel <= 20150531,1
py32-django-devel <= 20150531,1
py33-django-devel <= 20150531,1
py34-django-devel <= 20150531,1

Details

VuXML ID: 37ed8e9c-2651-11e5-86ff-14dae9d210b8
Discovery: 2015-06-10
Entry: 2015-07-09

Tim Graham reports:

In accordance with our security release policy, the Django team is issuing multiple releases -- Django 1.4.21, 1.7.9, and 1.8.3. These releases are now available on PyPI and our download page. These releases address several security issues detailed below. We encourage all users of Django to upgrade as soon as possible. The Django master branch has also been updated.

References

CVE Name: CVE-2015-5143
CVE Name: CVE-2015-5144
CVE Name: CVE-2015-5145
URL: https://github.com/django/django/commit/014247ad1922931a2f17beaf6249247298e9dc44
URL: https://github.com/django/django/commit/17d3a6d8044752f482453f5906026eaf12c39e8e
URL: https://github.com/django/django/commit/df049ed77a4db67e45db5679bfc76a85d2a26680
URL: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/