Information on source package python-django

Available versions

ReleaseVersion
jessie (security)1.7.11-1+deb8u3
stretch1:1.10.7-2+deb9u1
stretch (security)1:1.10.7-2+deb9u2
buster1:1.11.16-3
sid1:1.11.16-3

Resolved issues

BugDescription
TEMP-0407607-240F77python-django flup/FastCGI/debugging issue
CVE-2018-7537An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...
CVE-2018-7536An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...
CVE-2018-6188django.contrib.auth.forms.AuthenticationForm in Django 2.0 before ...
CVE-2018-16984An issue was discovered in Django 2.1 before 2.1.2, in which ...
CVE-2018-14574django.middleware.common.CommonMiddleware in Django 1.11.x before ...
CVE-2017-7234A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...
CVE-2017-7233Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 ...
CVE-2017-12794In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML ...
CVE-2016-9014Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x ...
CVE-2016-9013Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before ...
CVE-2016-7401The cookie parsing code in Django before 1.8.15 and 1.9.x before ...
CVE-2016-6186Cross-site scripting (XSS) vulnerability in the ...
CVE-2016-2513The password hasher in contrib/auth/hashers.py in Django before 1.8.10 ...
CVE-2016-2512The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x ...
CVE-2016-2048Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, ...
CVE-2015-8213The get_format function in utils/formats.py in Django before 1.7.x ...
CVE-2015-5964The (1) contrib.sessions.backends.base.SessionBase.flush and (2) ...
CVE-2015-5963contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before ...
CVE-2015-5145validators.URLValidator in Django 1.8.x before 1.8.3 allows remote ...
CVE-2015-5144Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and ...
CVE-2015-5143The session backends in Django before 1.4.21, 1.5.x through 1.6.x, ...
CVE-2015-3982The session.flush function in the cached_db backend in Django 1.8.x ...
CVE-2015-2317The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, ...
CVE-2015-2316The utils.html.strip_tags function in Django 1.6.x before 1.6.11, ...
CVE-2015-2241Cross-site scripting (XSS) vulnerability in the contents function in ...
CVE-2015-0222ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x ...
CVE-2015-0221The django.views.static.serve view in Django before 1.4.18, 1.6.x ...
CVE-2015-0220The django.util.http.is_safe_url function in Django before 1.4.18, ...
CVE-2015-0219Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 ...
CVE-2014-3730The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ...
CVE-2014-1418Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 ...
CVE-2014-0483The administrative interface (contrib.admin) in Django before 1.4.14, ...
CVE-2014-0482The contrib.auth.middleware.RemoteUserMiddleware middleware in Django ...
CVE-2014-0481The default configuration for the file upload handling system in ...
CVE-2014-0480The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x ...
CVE-2014-0474The (1) FilePathField, (2) GenericIPAddressField, and (3) ...
CVE-2014-0473The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, ...
CVE-2014-0472The django.core.urlresolvers.reverse function in Django before 1.4.11, ...
CVE-2013-6044The is_safe_url function in utils/http.py in Django 1.4.x before ...
CVE-2013-4315Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x ...
CVE-2013-4249Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget ...
CVE-2013-1665The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...
CVE-2013-1443The authentication framework (django.contrib.auth) in Django 1.4.x ...
CVE-2013-0306The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and ...
CVE-2013-0305The administrative interface for Django 1.3.x before 1.3.6, 1.4.x ...
CVE-2012-4520The django.http.HttpRequest.get_host function in Django 1.3.x before ...
CVE-2012-3444The get_image_dimensions function in the image-handling functionality ...
CVE-2012-3443The django.forms.ImageField class in the form system in Django before ...
CVE-2012-3442The (1) django.http.HttpResponseRedirect and (2) ...
CVE-2011-4140The CSRF protection mechanism in Django through 1.2.7 and 1.3.x ...
CVE-2011-4139Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host ...
CVE-2011-4138The verify_exists functionality in the URLField implementation in ...
CVE-2011-4137The verify_exists functionality in the URLField implementation in ...
CVE-2011-4136django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ...
CVE-2011-0698Directory traversal vulnerability in Django 1.1.x before 1.1.4 and ...
CVE-2011-0697Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 ...
CVE-2011-0696Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly ...
CVE-2010-4535The password reset functionality in django.contrib.auth in Django ...
CVE-2010-4534The administrative interface in django.contrib.admin in Django before ...
CVE-2010-3082Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...
CVE-2009-3695Algorithmic complexity vulnerability in the forms library in Django ...
CVE-2009-2659The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...
CVE-2008-3909The administration application in Django 0.91, 0.95, and 0.96 stores ...
CVE-2008-2302Cross-site scripting (XSS) vulnerability in the login form in the ...
CVE-2007-5828** DISPUTED ** ...
CVE-2007-5712The internationalization (i18n) framework in Django 0.91, 0.95, ...
CVE-2007-0405The LazyUser class in the AuthenticationMiddleware for Django 0.95 ...
CVE-2007-0404bin/compile-messages.py in Django 0.95 does not quote argument strings ...

Security announcements

DSA / DLADescription
DSA-4264-1python-django - security update
DSA-4161-1python-django - security update
DSA-4161-1python-django - security update
DLA-1303-1python-django - security update
DSA-3835-1python-django - security update
DLA-885-1python-django - security update
DLA-706-1python-django - security update
DLA-649-1python-django - security update
DSA-3678-1python-django - security update
DLA-590-1python-django - security update
DLA-555-1python-django - security update
DSA-3622-1python-django - security update
DSA-3544-1python-django - security update
DSA-3544-1python-django - security update
DSA-3404-1python-django - security update
DSA-3404-1python-django - security update
DLA-349-1python-django - security update
DLA-301-1python-django - security update
DSA-3338-1python-django - security update
DSA-3338-1python-django - security update
DLA-272-1python-django - security update
DSA-3305-1python-django - security update
DSA-3305-1python-django - security update
DSA-3204-1python-django - security update
DSA-3151-1python-django - security update
DLA-143-1python-django - security update
DLA-65-1python-django - security update
DSA-3010-1python-django - security update
DSA-2934-1python-django - security update
DSA-2934-1python-django - security update
DSA-2758-1python-django - denial of service
DSA-2758-1python-django - denial of service
DSA-2755-1python-django - directory traversal
DSA-2755-1python-django - directory traversal
DSA-2740-2python-django - regression
DSA-2740-1python-django - cross-site scripting vulnerability
DSA-2740-1python-django - cross-site scripting vulnerability
DSA-2634-1python-django - several vulnerabilities
DSA-2529-1python-django - several
DSA-2332-1python-django - several issues
DSA-2332-1python-django - several issues
DSA-2163-1python-django - multiple
DSA-1905-1python-django - denial of service
DSA-1640-1python-django - cross site request forgery

Search for package or bug name: Reporting problems