[Python-modules-team] Bug#780874: python-django: CVE-2015-2316: Denial-of-service possibility with strip_tags()

Salvatore Bonaccorso carnil at debian.org
Fri Mar 20 20:01:58 UTC 2015

Source: python-django
Version: 1.7.6-1
Severity: important
Tags: security upstream patch fixed-upstream


the following vulnerability was published for python-django.

Denial-of-service possibility with strip_tags()

AFAICS this actually is only a problem if it would be used with Python
< 2.7.7 or < 3.3.5, according to the upstream advisory. So should not
affect (apart source-wise) the package in jessie and sid. Can you
confirm that?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-2316
[1] https://www.djangoproject.com/weblog/2015/mar/18/security-releases/


More information about the Python-modules-team mailing list