oss-sec mailing list archives
CVE id request: django
From: Raphael Geissert <geissert () debian org>
Date: Sat, 10 Oct 2009 17:54:06 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, A vulnerability has been found in Django's forms library that can be used to perform DoS attacks via certain email addresses or URLs that make the validation regular expressions consume CPU resources. The vulnerability is said to be being exploited on live installations. References: http://www.djangoproject.com/weblog/2009/oct/09/security/ http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/677e54bd6c6e283b http://lists.debian.org/debian-security-announce/2009/msg00227.html Please assign a CVE identifier. Kind regards, - -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkrREJQACgkQYy49rUbZzlpwswCgjSOAiDSfYGYiE+ZjE9i6+Zmf 3MkAoJN9qvxGAzfzsgiFW8XAuP1wan81 =nsNz -----END PGP SIGNATURE-----
Current thread:
- CVE id request: django Raphael Geissert (Oct 10)
- Re: CVE id request: django Josh Bressers (Oct 12)
- Re: Duplicate CVE assignment notification [was: CVE id request: django] Jan Lieskovsky (Oct 13)
- Re: Duplicate CVE assignment notification [was: CVE id request: django] Steven M. Christey (Oct 13)
- Re: Duplicate CVE assignment notification [was: CVE id request: django] Steven M. Christey (Oct 13)
- Re: Duplicate CVE assignment notification [was: CVE id request: django] Jan Lieskovsky (Oct 13)
- Re: CVE id request: django Josh Bressers (Oct 12)