Bug 379641 (CVE-2007-5828) - CVE-2007-5828 Django admin panel CSFR
Summary: CVE-2007-5828 Django admin panel CSFR
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2007-5828
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On:
Blocks:
Reported: 2007-11-13 10:28 UTC by Tomas Hoger
Modified: 2019-09-29 12:22 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-11 23:15:36 UTC
Embargoed:



Description Tomas Hoger 2007-11-13 10:28:40 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5828 to the following vulnerability:

Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/.

References:

http://www.securityfocus.com/archive/1/archive/1/482983/100/0/threaded

Comment 1 Tomas Hoger 2007-11-13 10:42:26 UTC
Validity of this issue is being discussed even by Django upstream developers;
they do not all share the same view of the issue:

http://groups.google.com/group/django-developers/browse_thread/thread/1ea43b6adbcaf7fc/8f0796d4843f7463#8f0796d4843f7463
http://bugs.gentoo.org/show_bug.cgi?id=198347

Reporter's mail informs that applications using Django may be prone to CSRF
vulnerabilities, which should be "easy" to fix by using Django's CSRF protection
middleware as described here:

http://www.djangoproject.com/documentation/csrf/

Django's admin panel should be affected by the CSRF problem too.  Moreover,
the discussion referenced above suggests that enabling CsrfMiddleware may break
the admin panel.

Michel, can you please advise here?  Is any fix needed / possible for Fedora
Django packages?  Thanks!


Comment 2 Michel Lind 2008-01-11 23:15:36 UTC
Any deployed application should have the admin interface disabled, or restricted
to trusted hosts only, so this is probably best left to upstream to deal with.

The discussion has gone quiet upstream; I'm not sure we need to do anything
here. Noting that Gentoo also closes the bug as invalid.


Comment 3 Tomas Hoger 2008-01-15 09:53:25 UTC
(In reply to comment #2)
> Any deployed application should have the admin interface disabled, or 
> restricted to trusted hosts only, so this is probably best left to upstream
> to deal with.

As this was reported as CSRF attack, access restricted to trusted hosts only
does not qualify as the counter-measure.

> The discussion has gone quiet upstream; I'm not sure we need to do anything
> here. Noting that Gentoo also closes the bug as invalid.

Their reason for closing as invalid is not 100% correct imho.  Part of the
report was that the admin panel does not use the CSRF middleware, so I'd say this still
qualifies as a CSRF issue against Django.  But yes, this should probably be dealt
with by upstream.
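The CsrfMiddleware defence mentioned in comment 1 and the point in comment 3 that a trusted-host restriction is not a CSRF counter-measure, modelled in plain Python as an added example (not Django's own code): the Request class, the token derivation, the host allow list and all sample values are constructed assumptions, not taken from Django 0.96.

```python
import hmac
# Constructed sample values: victim admin's session cookie, server secret, trusted hosts, user table.
SESSION_ID = "constructed-admin-session"
CSRF_SECRET = b"constructed-server-secret"
TRUSTED_HOSTS = {"10.0.0.5"}
users = {1: {"username": "admin", "password": "old-pass"}}

class Request:
    """Just enough of an HTTP request for the views below (hypothetical stand-in)."""
    def __init__(self, method, cookies=None, post=None, remote_addr="10.0.0.5"):
        self.method, self.remote_addr = method, remote_addr
        self.cookies, self.post = cookies or {}, post or {}

def csrf_token(session_id):
    """Session-bound token: an HMAC of the session key, in the spirit of CsrfMiddleware."""
    return hmac.new(CSRF_SECRET, session_id.encode(), "sha256").hexdigest()

def change_password_view(request, user_id):
    """Unprotected view: the session cookie, which the browser attaches on its own, is the only check."""
    if request.cookies.get("sessionid") != SESSION_ID:
        return 403
    if request.method != "POST":
        return 405
    users[user_id]["password"] = request.post["password"]
    return 200

def trusted_hosts_only(view):
    """Source-address restriction (comment 2): it cannot tell who initiated the request."""
    def wrapped(request, *args):
        return view(request, *args) if request.remote_addr in TRUSTED_HOSTS else 403
    return wrapped

def csrf_protected(view):
    """CsrfMiddleware-style check: a POST must carry a form token matching the session-bound one."""
    def wrapped(request, *args):
        if request.method == "POST":
            expected = csrf_token(request.cookies.get("sessionid", ""))
            if not hmac.compare_digest(expected, request.post.get("csrfmiddlewaretoken", "")):
                return 403
        return view(request, *args)
    return wrapped

def run_scenarios():
    """A cross-site POST from the victim's browser carries the cookie and source address but no token."""
    cookies = {"sessionid": SESSION_ID}
    forged = Request("POST", cookies, {"password": "x"})
    genuine = Request("POST", cookies, {"password": "y", "csrfmiddlewaretoken": csrf_token(SESSION_ID)})
    return {"unprotected_forged": change_password_view(forged, 1),
            "trusted_hosts_forged": trusted_hosts_only(change_password_view)(forged, 1),
            "csrf_forged": csrf_protected(change_password_view)(forged, 1),
            "csrf_genuine": csrf_protected(change_password_view)(genuine, 1)}
```

Only the token check distinguishes the forged submission from the genuine one; the host restriction passes both because the browser, not the other site, is the source address.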


