1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2758-1] python-django security update

    From Salvatore Bonaccorso@1:229/2 to All on Tue Sep 17 20:50:02 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2758-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 17, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : python-django
    Vulnerability : denial of service
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2013-1443
    Debian Bug : 723043

    It was discovered that python-django, a high-level Python web
    develompent framework, is prone to a denial of service vulnerability
    via large passwords.

    A non-authenticated remote attacker could mount a denial of service by submitting arbitrarily large passwords, tying up server resources in
    the expensive computation of the corresponding hashes to verify the
    password.

    For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.3-3+squeeze8.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1.4.5-1+deb7u4.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.5.4-1.

    We recommend that you upgrade your python-django packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.14 (GNU/Linux)

    iQIcBAEBCgAGBQJSOJ/pAAoJEHidbwV/2GP+G1sP/RjyId0sDXuCUkDdkMyVS31+ 5Hn5Gi5k9KtSAXD6hvVg8kvBWDJRonVUXuJ4cA2YwLtf8sdS7cI0SW/9w1xujnFS TGvh2+Ghs8mxEeWj8pkHRUcoUdO985Z23GbSHYehC9JARZ0mFxLXCHwdJ8d1gLK3 7ZeV94KFx6z4dAA2zXZ3C87NN8ZTtiZfBeG1kvj+EnDMeOr2o72HgQShrLLONmBw 3s37LVgXNyoQyWt1Dt00axKfahe1eBdZd3Ex5iDfhciWgLgRmkmjFK+FgI4DwOHU B4QY4dUhv+t4LX24IQuk3g/1omxpDZR/CXJaZ7Sdm3Xc2dbgqnQohExa5Dw7bwZ/ iGhQmfMPpUxSzYw2dSsygbBbxfRq2aVvxb7iFf2XJMXdQrrt7rVtqDR28HTdfFZ8 SLrzHlGSfcRqf+vlq3UqDCxjd+OHewFej6ZOmRYWV6vK4Uh9pmFmrPLJHg4EdDlr 67ZnvHVguF0YdpP3hi8N5pN5nNGUCwyt/lJxiDu6fESvIM/l/joa6MXVpEIb7Ej/ 4ncefHu5fHLRlevKhOtu6SRvEUKAKZK7VZfdrC59S0r+AkNmRhO/XXM9Utm+8eLo 1zoufD+JS2S6ReNq/5K4TQHS+cy2qbBE6PtecDcVwiF4xrb9PJzd2fYUZ3dLdTkj e/HUma7XNVNT3NvkHnnq
    =OcAM
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)