CVE 2013-0306
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.
Related bugs and status
CVE-2013-0306 (Candidate) is related to these bugs:
Bug #1089337: Please backport Django 1.3.5/1.4.3 security updates
Bug | Summary | In | Importance | Status
---|---|---|---|---
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Lucid) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Oneiric) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Raring) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Precise) | Medium | Fix Released
1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Quantal) | Medium | Fix Released
Bug #1130445: Security releases issued - Django 1.3.6, Django 1.4.4
Bug | Summary | In | Importance | Status
---|---|---|---|---
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Lucid) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Oneiric) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Quantal) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Raring) | Medium | Fix Released
1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Precise) | Medium | Fix Released
Bug #1372124: The Django version that the LTP uses is unsupported now
Bug | Summary | In | Importance | Status
---|---|---|---|---
1372124 | The Django version that the LTP uses is unsupported now | LoCo Team Portal | Critical | Triaged
See the CVE page on Mitre.org for more details.