apticron report [Tue, 03 Feb 2015 09:48:15 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
hexagon.federez.net
[ 5.39.82.35 2001:41d0:8:9423::1 5.39.82.35 2001:41d0:8:9423::1 ]
The following packages are currently pending an upgrade:
python-django 1.4.5-1+deb7u9
========================================================================
Package Details:
Lecture des fichiers de modifications (« changelog »)...
--- Modifications pour python-django ---
python-django (1.4.5-1+deb7u9) wheezy-security; urgency=high
  * New upstream security release:
    https://www.djangoproject.com/weblog/2015/jan/13/security/
    - WSGI header spoofing via underscore/dash conflation (CVE-2015-0219)
    - Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220)
    - Denial-of-service attack against django.views.static.serve
      (CVE-2015-0221)
    Closes: #775375
  * Also include a fix for a regression introduced by the patch for
    CVE-2015-0221:
    https://code.djangoproject.com/ticket/24158
 -- Raphaël Hertzog <hertzog(a)debian.org> Wed, 28 Jan 2015 10:24:59 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
hexagon.federez.net
--
apticron