Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 11 Sep 2011 16:09:44 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security@...ts.openwall.com,
        Django project security team <security@...ngoproject.com>
Subject: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws

Hello Josh, Steve, vendors,

   multiple security flaws have been recently addressed in the v1.3.1
and v1.2.7 versions of the Django Python Web framework (from [1]):
1, Session manipulation,
2, Denial of service attack via URLField,
3, URLField redirection,
4, Host header cache poisoning,
5, Host header and CSRF,
6, Cross-subdomain CSRF attacks,
7, DEBUG pages and sensitive POST data

References:
[1] https://www.djangoproject.com/weblog/2011/sep/09/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=737366

Could you allocate a CVE ids for these flaws?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ