Gentoo Linux Security Advisory 201412-22 - Multiple vulnerabilities have been found in Django, the worst of which may lead to Denial of Service. Versions earlier than 1.6.7 are affected.
f7c853cbb69afa4284b4d978bb8f2dc5df475833df9c29ae53b639476cb70428
Ubuntu Security Notice 2347-1 - Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Django to consume resources, resulting in a denial of service. David Greisen discovered that Django incorrectly handled certain headers in contrib.auth.middleware.RemoteUserMiddleware. A remote authenticated user could use this issue to hijack web sessions. Various other issues were also addressed.
0fab862d5b1bf1e311cd2052effe8e9230369135c3f2d4d77dc7db7767e25cc3
Mandriva Linux Security Advisory 2014-179 - Updated python-django packages fix security vulnerabilities. These releases address an issue with reverse() generating external URLs, a denial of service involving file uploads, a potential session hijacking issue in the remote-user middleware, and a data leak in the administrative interface.
6c6ad9e0a3a6bafcc98db8f311aef9fa1f50f5df6bd7c716ee23a99b64a4d279
Debian Linux Security Advisory 3010-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.
a870a2e3f43337f13da823b837e2b2a580c7b425c4bcfb883aa8dcf8c3bf1b98