[Python-modules-team] Bug#816434: CVE-2016-2512 and CVE-2016-2513
lfaraone at debian.org
Tue Mar 1 20:04:03 UTC 2016
Today Django published an advisory for 1.9.3 and 1.8.10.
I am investigating whether stable is affected; it is likely.
> Malicious redirect and possible XSS attack via user-supplied redirect URLs
> containing basic auth
> User enumeration through timing difference on password hasher work factor
More information about the Python-modules-team