First Last Prev Next    This bug is not in your last search results.
Bug 223539 - Security fix for Django auth system
Security fix for Django auth system
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Django (Show other bugs)
rawhide
All All
medium Severity high
: ---
: ---
Assigned To: Michel Alexandre Salim
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-19 16:55 EST by James Bennett
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-21 17:22:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description James Bennett 2007-01-19 16:55:10 EST 
A bug in Django's AuthenticationMiddleware was discovered and patched after the 0.95 release; this bug 
can cause apparent "caching" of the value of request.user between requests, possibly resulting in 
inappropriate access when a user is perceived to be "logged in" as someone else.

This was fixed in revision 3754 of Django trunk[1], and that changeset applies cleanly to stock Django 
0.95.

[1] http://code.djangoproject.com/changeset/3754
Comment 1 Michel Alexandre Salim 2007-01-21 17:22:58 EST 
Django 0.95.1 has been built on the build servers and awaits signing
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.