Candidate: CVE-2015-2241
PublicDate: 2015-03-12 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2241
 https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
Description:
 Cross-site scripting (XSS) vulnerability in the contents function in
 admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote
 attackers to inject arbitrary web script or HTML via a model attribute in
 ModelAdmin.readonly_fields, as demonstrated by a @property.
Ubuntu-Description:
Notes:
 mdeslaur> only affects 1.7.x
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_python-django:
 upstream: https://github.com/django/django/commit/2654e1b93923bac55f12b4e66c5e39b16695ace5 (1.7)
 upstream: https://github.com/django/django/commit/35d68e8e766217924375e1a91533fee50159291c (1.8)
upstream_python-django: released (1.7.6-1)
lucid_python-django: not-affected
precise_python-django: not-affected
trusty_python-django: not-affected
trusty/esm_python-django: not-affected
utopic_python-django: not-affected
devel_python-django: released (1.7.6-1ubuntu1)