Bug 1129952 (CVE-2014-0481)
| Summary: | CVE-2014-0481 Django: file upload denial of service | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Murray McAllister <mmcallis> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | abaron, aortega, apevec, ayoung, bkearney, carnil, cbillett, chrisw, dallan, gkotton, jrusnack, kseifried, lhh, lpeer, markmc, mrunge, rbryant, sclewis, security-response-team, tjay, tomckay, yeylon |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | django 1.4.14, django 1.5.9, django 1.6.6, django 1.7-rc3 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-08-26 23:40:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1132773, 1132774, 1132775, 1132776, 1132777, 1132778 | | |
| Bug Blocks: | 1129960 | | |
| Attachments: | | | |
Description
Murray McAllister
2014-08-14 04:44:17 UTC
Created attachment 926638: 1.4 patch
Created attachment 926639: 1.5 patch
Created attachment 926640: 1.6 patch
External References:

https://www.djangoproject.com/weblog/2014/aug/20/security/

Created Django14 tracking bugs for this issue:

Affects: epel-6 [bug 1132776]

Created python-django15 tracking bugs for this issue:

Affects: fedora-20 [bug 1132775]
Affects: epel-6 [bug 1132777]
Affects: epel-7 [bug 1132778]

Created python-django14 tracking bugs for this issue:

Affects: fedora-all [bug 1132774]

Created python-django tracking bugs for this issue:

Affects: fedora-all [bug 1132773]

python-django-1.5.9-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

python-django-1.6.6-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

python-django14-1.4.14-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

python-django15-1.5.9-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

Django14-1.4.14-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

python-django14-1.4.16-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

python-django14-1.4.16-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.