Debian LTS: Security Advisory for python-django (DLA-2233-1)

The remote host is missing an update for the 'python-django' package(s) announced via the DLA-2233-1 advisory.

It was discovered that there were two issues in Django, the Python web development framework: * CVE-2020-13254: Potential a data leakage via malformed memcached keys. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends. * CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget. Query parameters to the admin ForeignKeyRawIdWidget were not properly URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query parameters are correctly URL encoded. For more information, please see: This upload also addresses test failures introduced in 1.7.11-1+deb8u3 and 1.7.11-1+deb8u8 via the fixes for CVE-2018-7537 and CVE-2019-19844 respectfully.

'python-django' package(s) on Debian Linux.

Checks if a vulnerable package version is present on the target host.

For Debian 8 'Jessie', this issue has been fixed in python-django version 1.7.11-1+deb8u9. We recommend that you upgrade your python-django packages.