{"id":"MGASA-2014-0231","summary":"Updated python-django packages fix two vulnerabilities","details":"Updated python-django and python-django14 packages fix security\nvulnerabilities:\n\nStephen Stewart, Michael Nelson, Natalia Bidart and James Westby\ndiscovered that Django improperly removed Vary and Cache-Control headers\nfrom HTTP responses when replying to a request from an Internet Explorer\nor Chrome Frame client. An attacker may use this to retrieve private data\nor poison caches. This update removes workarounds for bugs in Internet\nExplorer 6 and 7 (CVE-2014-1418).\n\nPeter Kuma and Gavin Wahl discovered that Django did not correctly\nvalidate some malformed URLs, which are accepted by some browsers. An\nattacker may use this to cause unexpected redirects (CVE-2014-3730).\n","modified":"2026-04-16T01:48:24.586250264Z","published":"2014-05-19T18:53:32Z","upstream":["CVE-2014-1418","CVE-2014-3730"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0231.html"},{"type":"WEB","url":"https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/"},{"type":"WEB","url":"http://www.ubuntu.com/usn/usn-2212-1/"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13384"}],"affected":[{"package":{"name":"python-django","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/python-django?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.13-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0231.json"}},{"package":{"name":"python-django","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/python-django?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.8-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0231.json"}},{"package":{"name":"python-django14","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/python-django14?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.13-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0231.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}