Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-0482

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

Related bugs and status

CVE-2014-0482 (Candidate) is related to these bugs:

Bug #1644346: SRU update Trusty to Python Django 1.6.11

Summary				In	Importance	Status
	1644346	SRU update Trusty to Python Django 1.6.11		python-django (Ubuntu)	Medium	Invalid
	1644346	SRU update Trusty to Python Django 1.6.11		python-django (Ubuntu Trusty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.djangoproj...
DEBIAN: DSA-3010
SECUNIA: 59782
SUSE: openSUSE-SU-2014:1132
SECUNIA: 61276
SECUNIA: 61281