Mandriva Linux Security Advisory 2013-218 – The python-django package addresses a security issue. The is_safe_url() function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript.

Read more http://packetstormsecurity.com/files/122941/MDVSA-2013-218.txt
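The scheme check the advisory describes, as an added illustration; this is not Django's or Mandriva's code. The function names `host_only_check`, `scheme_aware_check` and `compare`, the host `example.com` and the sample URLs are all constructed for the example. It contrasts a redirect-target check that looks only at the host with one that also restricts the scheme.

```python
from urllib.parse import urlparse

# Schemes a redirect target may use; an empty scheme means a relative URL.
ALLOWED_SCHEMES = {"http", "https"}


def host_only_check(url, host):
    """Weak form (hypothetical): accepts any URL with no host or the expected host."""
    if not url:
        return False
    netloc = urlparse(url).netloc
    return not netloc or netloc == host


def scheme_aware_check(url, host):
    """Hardened form (hypothetical): same host rule, plus a scheme allow-list."""
    if not url:
        return False
    parts = urlparse(url)  # urlparse lower-cases the scheme
    host_ok = not parts.netloc or parts.netloc == host
    scheme_ok = not parts.scheme or parts.scheme in ALLOWED_SCHEMES
    return host_ok and scheme_ok


# Constructed sample redirect targets, not taken from the advisory.
SAMPLES = [
    "/accounts/profile/",          # relative path on the same site
    "https://example.com/next",    # same host, allowed scheme
    "https://other.example/next",  # different host
    "javascript:void(0)",          # no host at all, non-HTTP scheme
    "data:text/html,x",            # no host at all, non-HTTP scheme
]


def compare(host="example.com"):
    """Return {url: (host_only_result, scheme_aware_result)} for each sample."""
    return {
        url: (host_only_check(url, host), scheme_aware_check(url, host))
        for url in SAMPLES
    }


if __name__ == "__main__":
    for url, (weak, hardened) in compare().items():
        print(f"{url!r:32} host-only={weak!s:5} scheme-aware={hardened}")
```

URLs such as `javascript:` carry no host component, so a host-only comparison treats them like relative paths; the scheme allow-list is what rejects them. The example covers only the scheme check named in the advisory and is not a complete redirect validator.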