CVE-2017-7233 Ubuntu Security Notification for Python-django Vulnerabilities (USN-3254-1)

It was discovered that Django incorrectly handled numeric redirect URLs.

It was discovered that Django incorrectly handled certain URLs when the jango.views.static.serve() view is being used.

A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233)

A remote attacker could possibly use a Django server as an open redirect. (CVE-2017-7234)

Refer to Ubuntu advisory USN-3254-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3254-1: 16.04 (Xenial) on src (python-django)

USN-3254-1: 12.04 (Precise) on src (python-django)

USN-3254-1: 16.10 (Yakkety) on src (python-django)

USN-3254-1: 16.10 (Yakkety) on src (python3-django)

USN-3254-1: 16.04 (Xenial) on src (python3-django)

USN-3254-1: 14.04 (Kylin) on src (python-django)