Re: python-django and CVE-2016-9014

To: Guido Günther <agx@sigxcpu.org>, Chris Lamb <lamby@debian.org>, <debian-lts@lists.debian.org>
Subject: Re: python-django and CVE-2016-9014
From: Nicholas Luedtke <nicholas.luedtke@hpe.com>
Date: Fri, 4 Nov 2016 07:29:40 -0600
Message-id: <[🔎] bbd431a2-1873-46b8-6b5e-05051870a8d5@hpe.com>
In-reply-to: <[🔎] 20161104103429.zdryfy4vsna7x5lo@bogon.m.sigxcpu.org>
References: <[🔎] 20161104073724.7ejqqhe6yytnpfut@bogon.m.sigxcpu.org> <[🔎] 1478255563.797590.777261465.5375CE76@webmail.messagingengine.com> <[🔎] 20161104103429.zdryfy4vsna7x5lo@bogon.m.sigxcpu.org>

On 11/4/2016 4:34 AM, Guido Günther wrote:

> On Fri, Nov 04, 2016 at 10:32:43AM +0000, Chris Lamb wrote:
>> Guido Günther wrote:
>>
>>> Isn't this also affected by a rebinding attack since we allow any host
>>> in debug mode?

You are correct, I am not sure what was registering when I looked at the
code. I won't be in a position to update the tracker till a little
later, but I will update it later if someone doesn't beat me to it.
Sorry for the confusion.

- Nicholas

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- python-django and CVE-2016-9014
  - From: Guido Günther <agx@sigxcpu.org>
- Re: python-django and CVE-2016-9014
  - From: Chris Lamb <lamby@debian.org>
- Re: python-django and CVE-2016-9014
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Re: python-django and CVE-2016-9014
Next by Date: Re: linux-image-3.2.0-4-486
Previous by thread: Re: python-django and CVE-2016-9014
Next by thread: Re: python-django and CVE-2016-9014
Index(es):
- Date
- Thread