Description of problem:
1) Information leakage in Django administrative interface
CVSSv2 score = 3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N
Upstream changeset (against Django v1.2 version, which is in Fedora):
2) Denial-of-service attack in password-reset mechanism
CVSSv2 score = 5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
Upstream changeset (against Django v1.2 version, which is in Fedora):
These issues affect the versions of the Django package, as shipped
with Fedora releases 13 and 14.
These issues affect the versions of the Django package, as present
within EPEL-4 and EPEL-5 repositories.
Please schedule an update / rebase.
Created Django tracking bugs for this issue
Affects: fedora-all [bug 665410]
(In reply to comment #0)
> Description of problem:
Thank you for the report, Luke.
I apologize for the late response (was on vacation). Updated packages are being worked on now.
The following CVE identifiers have been assigned:
1) CVE-2010-4534 for the "Information leakage in Django administrative
interface" issue and
2) CVE-2010-4535 for the "Denial-of-service attack in password-reset mechanism" issue.
This has been fixed in Fedora/EPEL: