[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: python-django and CVE-2016-9014

On 2016-11-05 04:59, Raphael Hertzog wrote:

The whole case of this CVE is not about using settings.DEBUG in production
but about a possible cross-site scripting attack targetting a Django
developer who might have a Django application running locally in DEBUG
mode (and which might be configured to hit a remote database).

So I tend to agree with Guido, I would suspect that this CVE affects
Wheezy too and we need a clear explanation of why that would not be the
I think I understand this security issue now. I should be able to work on a fix for wheezy-security tomorrow.



Reply to: