Ubuntu Security Notice 1004-1 - It was discovered that Django did not properly sanitize the cookie value when applying CSRF protections resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
3364ad9e2ac8ed4e3a79bd14b0b51645fa1e00fbc2703270786d1287fe1ba192