Bugzilla – Bug 1031451
VUL-1: CVE-2017-7234: python-django: Open redirect vulnerability in django.views.static.serve()
Last modified: 2020-06-17 02:13:37 UTC
EMBARGOED via pre-notification. CRD: 2017-04-04 14:00 UTC

CVE-2017-7234: Open redirect vulnerability in django.views.static.serve()
=========================================================================

A maliciously crafted URL to a Django site using the serve() view could redirect to any other domain. The view no longer does any redirects as they don't provide any known, useful functionality.

Note, however, that this view has always carried a warning that it is not hardened for production use and should be used only as a development aid.

Affected versions
=================

* Django master development branch
* Django 1.11 (currently at release candidate status)
* Django 1.10
* Django 1.9
* Django 1.8
Public at https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
This is an autogenerated message for OBS integration: This bug (1031451) was mentioned in https://build.opensuse.org/request/show/589964 42.3 / python-Django
This is an autogenerated message for OBS integration: This bug (1031451) was mentioned in https://build.opensuse.org/request/show/590768 42.3 / python3-Django
openSUSE-SU-2018:0824-1: An update that fixes 12 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1001374,1008047,1008050,1031450,1031451,1056284,1083304,1083305,967999,968000
CVE References: CVE-2016-2048,CVE-2016-2512,CVE-2016-2513,CVE-2016-6186,CVE-2016-7401,CVE-2016-9013,CVE-2016-9014,CVE-2017-12794,CVE-2017-7233,CVE-2017-7234,CVE-2018-7536,CVE-2018-7537
Sources used: openSUSE Leap 42.3 (src): python3-Django-1.8.19-5.3.1

openSUSE-SU-2018:0826-1: An update that fixes 12 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1001374,1008047,1008050,1031450,1031451,1056284,1083304,1083305,967999,968000
CVE References: CVE-2016-2048,CVE-2016-2512,CVE-2016-2513,CVE-2016-6186,CVE-2016-7401,CVE-2016-9013,CVE-2016-9014,CVE-2017-12794,CVE-2017-7233,CVE-2017-7234,CVE-2018-7536,CVE-2018-7537
Sources used: openSUSE Leap 42.3 (src): python-Django-1.8.19-6.4.1

SUSE-SU-2018:0973-1: An update that fixes 8 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1001374,1008047,1008050,1031450,1031451,1056284,1083304,1083305
CVE References: CVE-2016-7401,CVE-2016-9013,CVE-2016-9014,CVE-2017-12794,CVE-2017-7233,CVE-2017-7234,CVE-2018-7536,CVE-2018-7537
Sources used: SUSE OpenStack Cloud 7 (src): python-Django-1.8.19-3.4.1

SUSE-SU-2018:1102-1: An update that fixes 9 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1001374,1008047,1008050,1031450,1031451,1056284,1083304,1083305,967999
CVE References: CVE-2016-2512,CVE-2016-7401,CVE-2016-9013,CVE-2016-9014,CVE-2017-12794,CVE-2017-7233,CVE-2017-7234,CVE-2018-7536,CVE-2018-7537
Sources used: SUSE OpenStack Cloud 6 (src): python-Django-1.8.19-3.6.1
done