Bug 1202818 (CVE-2015-2317)
| Field | Value |
|---|---|
| Summary | CVE-2015-2317 Django: possible XSS attack via user-supplied redirect URLs |
| Product | [Other] Security Response |
| Reporter | Martin Prpič <mprpic> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| QA Contact | |
| Severity | low |
| Docs Contact | |
| Priority | low |
| Version | unspecified |
| CC | abaron, apevec, bkearney, cbillett, chrisw, dallan, gkotton, lhh, lpeer, markmc, mrunge, rbryant, sclewis, security-response-team, srevivo, tomckay |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | Django 1.8rc1, Django 1.7.7, Django 1.6.11, Django 1.4.20 |
| Doc Type | Bug Fix |
| Doc Text | |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2021-10-21 00:44:28 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 1203616, 1203617, 1203618, 1203619 |
| Bug Blocks | 1202821 |
| Attachments | is-safe-url-1.4.diff, is-safe-url-1.6.diff, is-safe-url-1.7.diff, is-safe-url-1.8.diff, is-safe-url-master.diff |
Description

Martin Prpič, 2015-03-17 13:44:48 UTC

Created attachments:

- 1002809: is-safe-url-1.4.diff
- 1002810: is-safe-url-1.6.diff
- 1002811: is-safe-url-1.7.diff
- 1002812: is-safe-url-1.8.diff
- 1002813: is-safe-url-master.diff
External References: https://www.djangoproject.com/weblog/2015/mar/18/security-releases/

Created Django14 tracking bugs for this issue:

- Affects: epel-6 [bug 1203619]

Created python-django14 tracking bugs for this issue:

- Affects: fedora-20 [bug 1203617]

Created python-django tracking bugs for this issue:

- Affects: fedora-all [bug 1203616]
- Affects: epel-7 [bug 1203618]

python-django-1.6.11-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Django14-1.4.20-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

python-django14-1.4.20-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.