[Python-modules-team] Bug#816434: CVE-2016-2512 and CVE-2016-2513

Luke Faraone lfaraone at debian.org
Tue Mar 1 20:04:03 UTC 2016

Source: python-django
Version: 1.9.2-1
Severity: important
Tags: security

Today Django published an advisory for 1.9.3 and 1.8.10.

I am investigating whether stable is affected; it is likely. 


> Malicious redirect and possible XSS attack via user-supplied redirect URLs
> containing basic auth

> User enumeration through timing difference on password hasher work factor
> upgrade

More information about the Python-modules-team mailing list