921756 – (CVE-2015-2241) VUL-0: CVE-2015-2241: python-Django: 1.7.6 release fixes XSS attack via properties in ModelAdmin.readonly_fields

Bug 921756 (CVE-2015-2241) - VUL-0: CVE-2015-2241: python-Django: 1.7.6 release fixes XSS attack via properties in ModelAdmin.readonly_fields

Summary: VUL-0: CVE-2015-2241: python-Django: 1.7.6 release fixes XSS attack via prope...

Status:	RESOLVED FIXED

Alias:	CVE-2015-2241

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE Factory

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Alberto Planas Dominguez
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/114595/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-03-11 13:26 UTC by Marcus Meissner
Modified:	2017-08-08 15:39 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-03-11 13:26:25 UTC

CVE-2015-2241

https://www.djangoproject.com/weblog/2015/mar/09/security-releases/

python Django 1.7.6 fixes an XSS

Older Django versions are not affected.

=> only factory needs an update as far as I see.

Comment 1 Alberto Planas Dominguez 2015-03-11 16:50:42 UTC

https://build.opensuse.org/request/show/290320

Comment 2 Johannes Segitz 2017-08-08 15:39:09 UTC

fixed in Leap and Factory