{"id":"SUSE-SU-2015:0695-1","summary":"Security update for python-django","details":"\npython-django was updated to 1.5.10 fixing bugs and security issues:\n\n    * Prevented reverse() from generating URLs pointing to other hosts to\n      prevent phishing attacks. (bnc#893087, CVE-2014-0480)\n    * Removed O(n) algorithm when uploading duplicate file names to fix\n      file upload denial of service. (bnc#893088, CVE-2014-0481)\n    * Modified RemoteUserMiddleware to log out on REMOTE_USER change to\n      prevent session hijacking. (bnc#893089, CVE-2014-0482)\n    * Prevented data leakage in contrib.admin via query string\n      manipulation. (bnc#893090, CVE-2014-0483)\n\nSecurity Issues:\n\n    * CVE-2014-0480\n      \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0480\u003e\n    * CVE-2014-0481\n      \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0481\u003e\n    * CVE-2014-0482\n      \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0482\u003e\n    * CVE-2014-0483\n      
\u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0483\u003e\n\n","modified":"2026-02-04T02:17:29.821596Z","published":"2014-09-03T15:51:02Z","related":["CVE-2014-0480","CVE-2014-0481","CVE-2014-0482","CVE-2014-0483","CVE-2015-0219","CVE-2015-0220","CVE-2015-0221","CVE-2015-0222","CVE-2015-2316","CVE-2015-2317"],"upstream":["CVE-2014-0480","CVE-2014-0481","CVE-2014-0482","CVE-2014-0483","CVE-2015-0219","CVE-2015-0220","CVE-2015-0221","CVE-2015-0222","CVE-2015-2316","CVE-2015-2317"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20150695-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/893087"},{"type":"REPORT","url":"https://bugzilla.suse.com/893088"},{"type":"REPORT","url":"https://bugzilla.suse.com/893089"},{"type":"REPORT","url":"https://bugzilla.suse.com/893090"},{"type":"REPORT","url":"https://bugzilla.suse.com/913053"},{"type":"REPORT","url":"https://bugzilla.suse.com/913054"},{"type":"REPORT","url":"https://bugzilla.suse.com/913055"},{"type":"REPORT","url":"https://bugzilla.suse.com/913056"},{"type":"REPORT","url":"https://bugzilla.suse.com/914706"},{"type":"REPORT","url":"https://bugzilla.suse.com/923176"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0480"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0481"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0482"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0483"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0219"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0220"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0221"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0222"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2316"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2317"}],"schema_version":"1.7.3"}