Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request: Django
From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 30 Oct 2012 00:10:00 +0100

Hello Kurt, Steve, all,

Django recently released updates 1.3.4 and 1.4.2 to address a Host:
header poisoning problem and incorrect HttpOnly cookie documentation
(only wrong in 1.4.x).

I believe only the header poisoning problem requires a CVE (the other
problem is documentation; Django application authors may make a mistake
in their code if they go by the faulty documentation), but I thought I
should mention both in this CVE request email as the Django announcement
mentioned both:

https://www.djangoproject.com/weblog/2012/oct/17/security/

Commits:
master: https://github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e
1.4 branch: https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3
1.3 branch: https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071

Thanks

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]