ALT-PU-2015-2030-1
Package python-module-django updated to version 1.8.7-alt1 for branch sisyphus in task 153866.
Closed vulnerabilities
Published: 2015-12-07
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-8213
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
Severity: MEDIUM (5.0)
References:
- FEDORA-2015-a8c8f60fbd
- FEDORA-2015-a8c8f60fbd
- FEDORA-2015-323274d412
- FEDORA-2015-323274d412
- openSUSE-SU-2015:2199
- openSUSE-SU-2015:2199
- openSUSE-SU-2015:2202
- openSUSE-SU-2015:2202
- RHSA-2016:0129
- RHSA-2016:0129
- RHSA-2016:0156
- RHSA-2016:0156
- RHSA-2016:0157
- RHSA-2016:0157
- RHSA-2016:0158
- RHSA-2016:0158
- DSA-3404
- DSA-3404
- 77750
- 77750
- 1034237
- 1034237
- USN-2816-1
- USN-2816-1
- https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
- https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
- https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
- https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/