
Re: [SECURITY] [DSA 2758-1] python-django security update




Salvatore Bonaccorso <carnil@debian.org> wrote:

>-------------------------------------------------------------------------
>Debian Security Advisory DSA-2758-1                   security@debian.org
>http://www.debian.org/security/                      Salvatore Bonaccorso
>September 17, 2013                     http://www.debian.org/security/faq
>-------------------------------------------------------------------------
>
>Package        : python-django
>Vulnerability  : denial of service
>Problem type   : remote
>Debian-specific: no
>CVE ID         : CVE-2013-1443
>Debian Bug     : 723043
>
>It was discovered that python-django, a high-level Python web
>development framework, is prone to a denial of service vulnerability
>via large passwords.
>
>A non-authenticated remote attacker could mount a denial of service by
>submitting arbitrarily large passwords, tying up server resources in
>the expensive computation of the corresponding hashes to verify the
>password.
>
>For the oldstable distribution (squeeze), this problem has been fixed in
>version 1.2.3-3+squeeze8.
>
>For the stable distribution (wheezy), this problem has been fixed in
>version 1.4.5-1+deb7u4.
>
>For the unstable distribution (sid), this problem has been fixed in
>version 1.5.4-1.
>
>We recommend that you upgrade your python-django packages.
>
>Further information about Debian Security Advisories, how to apply
>these updates to your system and frequently asked questions can be
>found at: http://www.debian.org/security/
>
>Mailing list: debian-security-announce@lists.debian.org
>
>Archive: http://lists.debian.org/E1VM0FC-0002zK-4n@master.debian.org
>
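
The advisory describes unbounded password input reaching an expensive hash computation. The sketch below is an added example, not part of the advisory and not Django's code: it bounds the input before any key derivation runs. The 4096-byte cap, the iteration count, the record format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 4096  # assumed cap for this example
ITERATIONS = 10_000        # assumed work factor, kept low so the example runs fast


class PasswordTooLong(ValueError):
    """Raised when a new password exceeds the cap."""


def bounded_bytes(password: str) -> bytes:
    # Cheap check first: every character encodes to at least one byte,
    # so an oversized string is refused before it is even encoded.
    if len(password) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong("password too long")
    raw = password.encode("utf-8")
    # Multi-byte characters can still push the encoded form over the cap.
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong("password too long")
    return raw


def derive_key(raw: bytes, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", raw, salt, iterations)


def make_record(password: str) -> str:
    # Constructed storage format: iterations$salt_hex$key_hex
    salt = os.urandom(16)
    key = derive_key(bounded_bytes(password), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${key.hex()}"


def check_password(password: str, record: str, kdf=derive_key) -> bool:
    try:
        raw = bounded_bytes(password)
    except PasswordTooLong:
        return False  # rejected without running the KDF
    iterations, salt_hex, key_hex = record.split("$")
    candidate = kdf(raw, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))
```

A request body size limit at the web server or proxy complements this check, since it stops oversized submissions before they reach application code.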
