Date: Sun, 11 Sep 2011 16:09:44 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security@...ts.openwall.com, Django project security team <security@...ngoproject.com>
Subject: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws

Hello Josh, Steve, vendors,

multiple security flaws have been recently addressed in the v1.3.1 and v1.2.7 versions of the Django Python Web framework (from ):

1, Session manipulation,
2, Denial of service attack via URLField,
3, URLField redirection,
4, Host header cache poisoning,
5, Host header and CSRF,
6, Cross-subdomain CSRF attacks,
7, DEBUG pages and sensitive POST data

References:
 https://www.djangoproject.com/weblog/2011/sep/09/
 https://bugzilla.redhat.com/show_bug.cgi?id=737366

Could you allocate CVE ids for these flaws?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team