From ${URL} :

CVE-2016-6186: XSS in admin's add/change related popup

Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's also updated to use textContent.

Thanks Vulnerability Laboratory for reporting the issue and Paulo Alvarado for forwarding it to us.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
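An audit check for the pattern the advisory describes, as an added example that is not part of this bug report or of Django's code: it flags assignments of non-literal values to `innerHTML`/`outerHTML` in JavaScript source. The sample snippets and the names in them (`dismissPopup`, `newRepr`, `banner`) are constructed for illustration.

```javascript
// Added example: line-based audit for non-literal values assigned to HTML sinks.
// It is a heuristic (no JS parser): multi-line statements are not followed.

// Constructed sample resembling a popup callback; not Django's actual code.
const SAMPLE_BEFORE = [
  "function dismissPopup(win, objId, newRepr) {",
  "    var option = document.getElementById('id_' + objId);",
  "    option.innerHTML = newRepr;  // model data reaches the HTML parser",
  "    option.value = objId;",
  "}",
  "banner.innerHTML = '<b>Saved</b>';",
].join("\n");

// Same constructed sample after switching the data sink to textContent.
const SAMPLE_AFTER = SAMPLE_BEFORE.replace("option.innerHTML", "option.textContent");

// Assignment (= or +=, but not == / ===) to an HTML-parsing property.
const SINK = /\.(innerHTML|outerHTML)\s*(?:\+=|=(?!=))\s*(.*?)\s*;?\s*$/;
// A right-hand side that is exactly one quoted string literal is treated as static.
const STRING_LITERAL = /^(['"])(?:\\.|(?!\1).)*\1$/;

function findUnsafeHtmlSinks(source) {
  const findings = [];
  source.split("\n").forEach((text, index) => {
    // Drop trailing line comments so they are not mistaken for the value.
    const code = text.replace(/\s\/\/.*$/, "");
    const match = SINK.exec(code);
    // Anything other than a single string literal may carry data: report it.
    if (match && !STRING_LITERAL.test(match[2])) {
      findings.push({ line: index + 1, sink: match[1], value: match[2] });
    }
  });
  return findings;
}

console.log(findUnsafeHtmlSinks(SAMPLE_BEFORE));
console.log(findUnsafeHtmlSinks(SAMPLE_AFTER));
```

Concatenations and template literals are reported as well, since the check cannot tell whether their parts are constant.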
I've bumped Django to 1.8.14 and 1.9.9, added 1.10 and removed 1.9.2 and 1.9.5. @python: could you please handle stabilization of 1.8.14 and drop 1.8.9?
commit 6855253051c53fdcb07f62b792218550fa708bf8
Author: Justin Lecher <jlec@gentoo.org>
Date: Sat Jun 3 20:33:58 2017 +0100

dev-python/django: Version Bump

CVE-201{6-{2512,7401,9013,9014},7-{7233,7234}}

Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=576876
Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=589134
Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=595544
Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=598770
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Signed-off-by: Justin Lecher <jlec@gentoo.org>

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6855253051c53fdcb07f62b792218550fa708bf8
All done, repository is clean.