Re: python-django and CVE-2016-9014

To: Guido Günther <agx@sigxcpu.org>, nicholas.luedtke@hpe.com
Cc: debian-lts@lists.debian.org
Subject: Re: python-django and CVE-2016-9014
From: Chris Lamb <lamby@debian.org>
Date: Fri, 04 Nov 2016 10:32:43 +0000
Message-id: <[🔎] 1478255563.797590.777261465.5375CE76@webmail.messagingengine.com>
In-reply-to: <[🔎] 20161104073724.7ejqqhe6yytnpfut@bogon.m.sigxcpu.org>
References: <[🔎] 20161104073724.7ejqqhe6yytnpfut@bogon.m.sigxcpu.org>

Guido Günther wrote:

> Isn't this also affected by a rebinding attack since we allow any host
> in debug mode?

If it helps, speaking as a regular Django developer, if you've got
``settings.DEBUG`` enabled in production you have much bigger problems
than a rebinding attack…


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply to:

Follow-Ups:
- Re: python-django and CVE-2016-9014
  - From: Guido Günther <agx@sigxcpu.org>
- Re: python-django and CVE-2016-9014
  - From: Raphael Hertzog <hertzog@debian.org>

References:
- python-django and CVE-2016-9014
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Re: Qemu CVEs in Xen
Next by Date: Re: python-django and CVE-2016-9014
Previous by thread: python-django and CVE-2016-9014
Next by thread: Re: python-django and CVE-2016-9014
Index(es):
- Date
- Thread