Reference: MLIST:[oss-security] 20090729 CVE Request (django)
The Admin media handler in core/servers/basehttp.py in Django 1.0 and
0.96 does not properly map URL requests to expected "static media
files," which allows remote attackers to conduct directory traversal
attacks and read arbitrary files via a crafted URL.
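The class of flaw described above, as an added example that is not Django's own code and not part of the original report: a URL-to-file mapping that joins the request path onto the media directory without a containment check, next to a hardened version. The names `MEDIA_URL`, `naive_file_path` and `safe_file_path` are hypothetical.

```python
import os
from urllib.parse import unquote

MEDIA_URL = "/media/"  # assumed URL prefix under which static files are served


def naive_file_path(media_dir, url_path):
    """Flawed pattern: the URL remainder is joined to the media directory
    and nothing checks that the result is still inside that directory."""
    relative = unquote(url_path[len(MEDIA_URL):])
    return os.path.normpath(os.path.join(media_dir, relative))


def safe_file_path(media_dir, url_path):
    """Return an absolute path inside media_dir, or None (caller sends 404)."""
    if not url_path.startswith(MEDIA_URL):
        return None
    relative = unquote(url_path[len(MEDIA_URL):])
    # NUL bytes and backslashes have no place in a static media URL.
    if "\x00" in relative or "\\" in relative:
        return None
    base = os.path.realpath(media_dir)
    # realpath resolves "..", duplicate slashes and symlinks before the check.
    candidate = os.path.realpath(os.path.join(base, relative))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None


if __name__ == "__main__":
    import tempfile

    # Constructed layout: <tmp>/media/css/base.css and <tmp>/settings.py
    with tempfile.TemporaryDirectory() as tmp:
        media = os.path.join(tmp, "media")
        os.makedirs(os.path.join(media, "css"))
        open(os.path.join(media, "css", "base.css"), "w").close()
        open(os.path.join(tmp, "settings.py"), "w").close()
        for url in ("/media/css/base.css", "/media/../settings.py",
                    "/media/%2e%2e/settings.py"):
            print(url, "naive ->", naive_file_path(media, url),
                  "| safe ->", safe_file_path(media, url))
```

The caller should still confirm that the returned path is a regular file before serving it, since the hardened function also accepts the media directory itself.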
Created Django tracking bugs for this issue.
CVE-2009-2659 Affects: F10 [bug #515582]
CVE-2009-2659 Affects: F11 [bug #515583]
CVE-2009-2659 Affects: Fdevel [bug #515584]
This issue is public, no need for private bug.
These should all be resolved in the current release. I don't have access to close bug #515582 or bug #515583. I believe they can be closed as well.
Done. All closed. All versions of Fedora have been updated: