oss-sec mailing list archives
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws
From: Josh Bressers <bressers () redhat com>
Date: Wed, 14 Sep 2011 14:22:59 -0400 (EDT)
Steve,

Can MITRE deal with this one? I lack time to properly work through this
list right now.

Thanks.

--
JB

----- Original Message -----
Hello Josh, Steve, vendors,

multiple security flaws have been recently addressed in the v1.3.1 and
v1.2.7 versions of the Django Python Web framework (from [1]):

1, Session manipulation,
2, Denial of service attack via URLField,
3, URLField redirection,
4, Host header cache poisoning,
5, Host header and CSRF,
6, Cross-subdomain CSRF attacks,
7, DEBUG pages and sensitive POST data

References:
[1] https://www.djangoproject.com/weblog/2011/sep/09/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=737366

Could you allocate CVE ids for these flaws?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team