We maintain security-hardened builds of Django 1.6.11, the version series we use for Review Board 2.0 through 3.0. We've put out a new Django 22.214.171.124 release that contains these fixes, plus some additional backports from newer releases.
To upgrade to this release, run:
$ pip install -U https://downloads.reviewboard.org/releases/Django/1.6/Django-126.96.36.199.tar.gz
$ easy_install -U http://downloads.reviewboard.org/releases/Django/1.6/Django-188.8.131.52.tar.gz