DoS attack on Django 1.0.x and 1.1.x disclosed
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
python-django (Ubuntu) | Fix Released | Medium | Krzysztof Klimonda | |
Intrepid | Invalid | Medium | Unassigned | |
Jaunty | Fix Released | Medium | Krzysztof Klimonda | |
Karmic | Fix Released | Medium | Krzysztof Klimonda | |

Bug Description
The 1.1.1 version of the Django framework has been released.
From their announcement:
"Security updates released
Today the Django project is issuing a set of releases to remedy a security issue. This issue was disclosed publicly by a third party on a high-traffic mailing list, and attempts have been made to exploit it against live Django installations; as such, we are bypassing our normal policy for security disclosure and immediately issuing patches and updated releases.
Description of vulnerability
Django's forms library included field types which perform regular-
In order to make this update we also have to fix bug 445639 (FTBFS due to the regression tests failure)
CVE References
visibility: private → public
affects: ubuntu → python-django (Ubuntu)
Changed in python-django (Ubuntu Jaunty):
status: New → Confirmed
Changed in python-django (Ubuntu):
status: New → Confirmed
Changed in python-django (Ubuntu Jaunty):
importance: Undecided → Medium
Changed in python-django (Ubuntu):
importance: Undecided → Medium
I'll try to close both bugs before Final Freeze.