Search results

Mandriva security update to python-django
([Security] Posted Dec 9, 2009 18:59 UTC (Wed) by jake )

-2009:276-1 ] python-django
   Date : Tue, 08 Dec 2009 23:07:01 +0100
   Message-ID : <E1NI8Cz-0002kM-Iv@titan.mandriva.com>

  
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2009:276-1
  http://www.mandriva.com/security/ 
 _______________________________________________________________________

 Package : python-django
 Date    : December 8, 2009
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in python-django:
 
 The Admin media handler in core/servers/basehttp.py in Django 1.0
 and 0.96 does not properly map URL requests to expected static media
 files, which allows remote attackers to conduct directory traversal
 attacks and read arbitrary files via a crafted URL (CVE-2009-2659).
 
 Algorithmic complexity vulnerability in the forms library in Django
 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause
 a denial of service (CPU consumption) via a crafted (1) EmailField
 (email address) or (2) URLField (URL) that triggers a large amount
 of backtracking in a regular expression (CVE-2009-3695

Mandriva security update to python-django
([Security] Posted Oct 13, 2009 17:50 UTC (Tue) by ris )

-2009:276 ] python-django
   Date : Tue, 13 Oct 2009 19:09:02 +0200
   Message-ID : <E1Mxkru-0001qu-Pm@titan.mandriva.com>

  
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:276
  http://www.mandriva.com/security/ 
 _______________________________________________________________________

 Package : python-django
 Date    : October 13, 2009
 Affected: 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in python-django:
 
 The Admin media handler in core/servers/basehttp.py in Django 1.0
 and 0.96 does not properly map URL requests to expected static media
 files, which allows remote attackers to conduct directory traversal
 attacks and read arbitrary files via a crafted URL (CVE-2009-2659).
 
 Algorithmic complexity vulnerability in the forms library in Django
 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause
 a denial of service (CPU consumption) via a crafted (1) EmailField
 (email address) or (2) URLField (URL) that triggers a large amount
 of backtracking in a regular expression (CVE-2009-3695
