PublicDateAtUSN: 2016-09-26 18:00:00
Candidate: CVE-2016-7401
CRD: 2016-09-26 18:00:00
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7401
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
https://usn.ubuntu.com/usn/usn-3089-1
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10,
when used on a site with Google Analytics, allows remote attackers to
bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Discovered-by: Sergey Bobrov
Patches_python-django:
upstream_python-django: released (1.8.15,1.9.10)
precise_python-django: released (1.3.1-4ubuntu1.21)
trusty_python-django: released (1.6.1-2ubuntu0.15)
vivid/stable-phone-overlay_python-django: DNE
vivid/ubuntu-core_python-django: DNE
xenial_python-django: released (1.8.7-1ubuntu5.2)
devel_python-django: released (1.8.7-1ubuntu8)