Revision Date: | 2014-06-30 | Version: | 20 |
Title: | USN-1040-1 -- python-django vulnerabilities |
Description: | Adam Baldwin discovered that Django did not properly validate query string lookups. This could be exploited to provide an information leak to an attacker with admin privilieges. Paul McMillan discovered that Django did not validate the length of the token used when generating a password reset. An attacker could exploit this to cause a denial of service via resource exhaustion |
Family: | unix | Class: | patch |
Status: | ACCEPTED | Reference(s): | CVE-2010-4534 CVE-2010-4535 USN-1040-1 USN-1040-1
|
Platform(s): | Ubuntu 10.04 Ubuntu 10.10 Ubuntu 9.10
| Product(s): | python-django
|
Definition Synopsis |
Release section Ubuntu 10.10 is installed
AND Installed architecture is all
AND Packages section
python-django-doc DPKG is earlier than 1.2.3-1ubuntu0.2.10.10.1
OR python-django DPKG is earlier than 1.2.3-1ubuntu0.2.10.10.1
OR Release section
Ubuntu 9.10 is installed
AND Installed architecture is all
AND Packages section
python-django-doc DPKG is earlier than 1.1.1-1ubuntu1.1
OR python-django DPKG is earlier than 1.1.1-1ubuntu1.1
OR Release section
Ubuntu 10.04 is installed
AND Installed architecture is all
AND Packages section
python-django-doc DPKG is earlier than 1.1.1-2ubuntu1.2
OR python-django DPKG is earlier than 1.1.1-2ubuntu1.2
|