Urgent Django security updates released

The Django project has announced the release of a set of urgent security updates. "This issue was disclosed publicly by a third party on a high-traffic mailing list, and attempts have been made to exploit it against live Django installations; as such, we are bypassing our normal policy for security disclosure and immediately issuing patches and updated releases." The vulnerability (a denial of service problem) affects any Django application running 1.0 or later and using the EmailField or URLField features.

Urgent Django security updates released

Posted Oct 11, 2009 0:54 UTC (Sun) by csamuel (✭ supporter ✭, #2624)

According to the alert this is a potential DoS attack in that the exploit
causes a regular expression to consume lots of CPU.
