Mandriva Linux Security Advisory 2013-218 - The python-django package addresses a security issue. The is_safe_url() function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript.
1504a9f25eef5880d207471510df5d68d0689eb24ea616adf9a8ef6310edda32