6 matches found
Debian Security Advisory DSA 2529-1 (python-django - several vulnerabilities)
Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework. The Common Vulnerabilities and Exposures project defines the following issues: CVE-2012-3442: Two functions do not validate the scheme of a redirect target, which might allow remote attackers to conduct...
Mandriva Update for python-django MDVSA-2012:143 (python-django)
Check for the version of python-django. OpenVAS Vulnerability Test: Mandriva Update for python-django MDVSA-2012:143 (python-django). Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it...
PYSEC-2012-4
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image...
CVE-2012-3444
CVE-2012-3444 affects Django: get_image_dimensions in image handling for Django versions before 1.3.2 and 1.4.x before 1.4.1 is vulnerable due to a constant chunk size, enabling DoS via large TIFF images. Remediation per connected docs: upgrade Django to a non‑vulnerable version (e.g., 1.3.3 or 1...
CVE-2012-3444
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image...
django -- multiple vulnerabilities
The Django project reports: Today the Django team is issuing multiple releases -- Django 1.3.2 and Django 1.4.1 -- to remedy security issues reported to us: Cross-site scripting in authentication views; Denial-of-service in image validation; Denial-of-service via get_image_dimensions. All users are...