| Summary: | =dev-python/django-1.7.5: XSS (CVE-2015-2241) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | jlec, python |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ | | |
| Whiteboard: | ~4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2015-03-11 13:42:04 UTC
Already fixed 3 days ago:

*django-1.7.6 (09 Mar 2015)

09 Mar 2015; Justin Lecher <jlec@gentoo.org> +django-1.7.6.ebuild, +files/django-1.7.6-bashcomp.patch, -django-1.7.5.ebuild, -files/django-1.7.5-bashcomp.patch: Version Bump to fix CVE-2015-2241

CVE-2015-2241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2241): Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.

This only affects the 1.7.X branch which is not stable. Changing Whiteboard to ~4 and closing. Current version in tree 1.7.7 due to bug 543754