
python-django: two vulnerabilities

Package(s): python-django
CVE #(s): CVE-2015-5143 CVE-2015-5144
Created: July 9, 2015
Updated: October 22, 2015
Description: From the Debian advisory:

CVE-2015-5143: Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in the request cookie. This could allow remote attackers to saturate the session store or cause other users' session records to be evicted.

CVE-2015-5144: Sjoerd Job Postmus discovered that some built-in validators did not properly reject newlines in input values. This could allow remote attackers to inject headers in emails and HTTP responses.
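
The newline problem in CVE-2015-5144, as an added illustration that is not part of the advisory or of Django's code: upstream Django's release notes attribute it to validator regular expressions anchored with `$`, which in Python also matches just before a trailing newline, whereas `\Z` matches only at the very end of the input. The slug-style pattern, function names and sample values below are constructed for this example.

```python
import re

# Simplified slug-style pattern, constructed for this example (not Django's source).
LAX = re.compile(r"^[-a-zA-Z0-9_]+$")      # "$" also matches just before a final "\n"
STRICT = re.compile(r"^[-a-zA-Z0-9_]+\Z")  # "\Z" matches only at the true end of input


def lax_is_valid(value: str) -> bool:
    """Validator in the pre-fix style: anchored with '$'."""
    return LAX.match(value) is not None


def strict_is_valid(value: str) -> bool:
    """Validator in the post-fix style: anchored with '\\Z'."""
    return STRICT.match(value) is not None


def header_safe(value: str) -> bool:
    """Defence in depth: refuse CR/LF in anything placed into an email or HTTP header."""
    return "\r" not in value and "\n" not in value


# Constructed sample inputs: one clean value and three carrying line breaks.
SAMPLES = ["release-notes", "release-notes\n", "release\nnotes", "release-notes\r\n"]


def audit(samples):
    """Return (value, lax verdict, strict verdict, header-safe verdict) per sample."""
    return [(s, lax_is_valid(s), strict_is_valid(s), header_safe(s)) for s in samples]


if __name__ == "__main__":
    for value, lax, strict, safe in audit(SAMPLES):
        print(f"{value!r:22} lax={lax!s:5} strict={strict!s:5} header_safe={safe}")
```

Only the value ending in a single `\n` gets past the `$`-anchored pattern; that is the one case that needs a regression test after such validators are fixed.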

Alerts:
Fedora FEDORA-2015-1dd5bc998f python-django 2015-11-19
Gentoo 201510-06 django 2015-10-31
openSUSE openSUSE-SU-2015:1813-1 python-Django 2015-10-23
openSUSE openSUSE-SU-2015:1802-1 python-django 2015-10-22
Red Hat RHSA-2015:1686-01 python-django 2015-08-25
Red Hat RHSA-2015:1678-01 python-django 2015-08-24
Mageia MGASA-2015-0293 python-django 2015-07-28
Fedora FEDORA-2015-11403 python-django 2015-07-23
Debian-LTS DLA-272-1 python-django 2015-07-16
Ubuntu USN-2671-1 python-django 2015-07-09
Debian DSA-3305-1 python-django 2015-07-09
