===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0057
                       python-django security update
                               7 January 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           python-django
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-3498

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running python-django check for an updated version of the software
         for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : python-django
Version        : 1.7.11-1+deb8u4
CVE ID         : CVE-2019-3498
Debian Bug     : #918230

It was discovered that there was a content-spoofing vulnerability in the
default 404 pages in the Django web development framework.

For more information, please see:

    https://www.djangoproject.com/weblog/2019/jan/04/security-releases/

For Debian 8 "Jessie", this issue has been fixed in python-django version
1.7.11-1+deb8u4.

We recommend that you upgrade your python-django packages.


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================