[Python-modules-team] Bug#780874: python-django: CVE-2015-2316: Denial-of-service possibility with strip_tags()
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 20 20:01:58 UTC 2015
Source: python-django
Version: 1.7.6-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for python-django.
CVE-2015-2316[0]:
Denial-of-service possibility with strip_tags()
AFAICS this actually is only a problem if it would be used with Python
< 2.7.7 or < 3.3.5, according to the upstream advisory. So should not
affect (apart source-wise) the package in jessie and sid. Can you
confirm that?
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-2316
[1] https://www.djangoproject.com/weblog/2015/mar/18/security-releases/
Regards,
Salvatore
More information about the Python-modules-team
mailing list