CVE-2013-0305
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Related bugs and status
CVE-2013-0305 (Candidate) is related to these bugs:
Bug #1089337: Please backport Django 1.3.5/1.4.3 security updates
Bug | Summary | In | Importance | Status
---|---|---|---|---
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Lucid) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Oneiric) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Raring) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Precise) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Quantal) | Medium | Fix Released
Bug #1130445: Security releases issued - Django 1.3.6, Django 1.4.4
Bug | Summary | In | Importance | Status
---|---|---|---|---
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Lucid) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Oneiric) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Quantal) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Raring) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Precise) | Medium | Fix Released
Bug #1372124: The Django version that the LTP uses is unsupported now
Bug | Summary | In | Importance | Status
---|---|---|---|---
1372124 | The Django version that the LTP uses is unsupported now | LoCo Team Portal | Critical | Triaged
See the CVE page on Mitre.org for more details.