21 matches found
openSUSE Security Update : python-django (openSUSE-SU-2012:0970-1)
Python Django was updated to fix several security issues. CVE-2012-3442: Cross-site scripting in authentication views. CVE-2012-3443: Denial-of-service in image validation. CVE-2012-3444: Denial-of-service via get_image_dimensions. (C) Tenable Network Security, Inc. The descriptive...
Debian: Security Advisory (DSA-2529-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for Django FEDORA-2013-2874
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for Django FEDORA-2013-2874
Check for the Version of Django OpenVAS Vulnerability Test Fedora Update for Django FEDORA-2013-2874 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for Django FEDORA-2012-20224
Check for the Version of Django OpenVAS Vulnerability Test Fedora Update for Django FEDORA-2012-20224 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Fedora Update for Django FEDORA-2012-20224
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for Django FEDORA-2012-16417
Check for the Version of Django OpenVAS Vulnerability Test Fedora Update for Django FEDORA-2012-16417 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : python-django vulnerabilities (USN-1560-1)
It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3442) It was discovered that Django incorrectly handled...
Mandriva Linux Security Advisory : python-django (MDVSA-2012:143)
Multiple vulnerabilities have been discovered and corrected in python-django: The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote...
[ MDVSA-2012:143 ] python-django
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:143 http://www.mandriva.com/security/ Package : python-django Date : August 23, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in...
Fedora Update for Django FEDORA-2012-11415
Check for the Version of Django OpenVAS Vulnerability Test Fedora Update for Django FEDORA-2012-11415 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Fedora Update for Django FEDORA-2012-11415
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Update for python-django MDVSA-2012:143 (python-django)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Update for python-django MDVSA-2012:143 (python-django)
Check for the Version of python-django OpenVAS Vulnerability Test Mandriva Update for python-django MDVSA-2012:143 python-django Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
[SECURITY] [DSA 2529-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2529-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 14, 2012 http://www.debian.org/security/faq -...
Fedora 17 : Django-1.4.1-1.fc17 (2012-11415)
security release https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
FreeBSD Ports: py26-django, py27-django
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
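Django cross-site scripting and two denial-of-service vulnerabilities
BUGTRAQ ID: 54742 CVE ID: CVE-2012-3442, CVE-2012-3443, CVE-2012-3444 Django is an open-source web application framework written in the Python programming language. Django 1.3, 1.4 and other versions contain two security vulnerabilities in their implementation that malicious users can exploit to carry out cross-site scripting attacks and denial of service. 1) Input passed to the redirect functionality of the login or logout views in the authentication framework is returned to the user without proper filtering after redirecting to a "data:" scheme URL. 2) When decompressing images, an error in the image validation of the ImageField class can be exploited to consume large amounts of memory...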
CVE-2012-3443
The vulnerability CVE-2012-3443 affects Django’s ImageField in the form system. Django before 1.3.2 and 1.4.x before 1.4.1 decompress image data during image validation, which can cause denial of service through memory consumption when processing an image upload. Public advisories and vendor note...
CVE-2012-3443
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...