Salvatore Bonaccorso <car...@debian.org> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>- -------------------------------------------------------------------------
>Debian Security Advisory DSA-2758-1                   secur...@debian.org
>http://www.debian.org/security/                      Salvatore Bonaccorso
>September 17, 2013                     http://www.debian.org/security/faq
>- -------------------------------------------------------------------------
>
>Package        : python-django
>Vulnerability  : denial of service
>Problem type   : remote
>Debian-specific: no
>CVE ID         : CVE-2013-1443
>Debian Bug     : 723043
>
>It was discovered that python-django, a high-level Python web
>development framework, is prone to a denial of service vulnerability
>via large passwords.
>
>A non-authenticated remote attacker could mount a denial of service by
>submitting arbitrarily large passwords, tying up server resources in
>the expensive computation of the corresponding hashes to verify the
>password.
>
>For the oldstable distribution (squeeze), this problem has been fixed in
>version 1.2.3-3+squeeze8.
>
>For the stable distribution (wheezy), this problem has been fixed in
>version 1.4.5-1+deb7u4.
>
>For the unstable distribution (sid), this problem has been fixed in
>version 1.5.4-1.
>
>We recommend that you upgrade your python-django packages.
>
>Further information about Debian Security Advisories, how to apply
>these updates to your system and frequently asked questions can be
>found at: http://www.debian.org/security/
>
>Mailing list: debian-security-annou...@lists.debian.org
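
A general defensive pattern for the issue the advisory describes, as an added example that is not part of the advisory and not Django's own code: reject an oversized password before the expensive hash runs, so an unauthenticated request cannot buy CPU time. The 4096-byte cap, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed values for this example; the advisory does not state a limit.
MAX_PASSWORD_BYTES = 4096
ITERATIONS = 10_000

_kdf_calls = 0  # instrumentation: counts expensive hash computations


def kdf_call_count() -> int:
    """Return how many times the expensive derivation has run."""
    return _kdf_calls


def _derive(password: bytes, salt: bytes) -> bytes:
    """Expensive step: PBKDF2-HMAC-SHA256 over the submitted password."""
    global _kdf_calls
    _kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    """Create a (salt, derived_key) record for a new password."""
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password too long")
    salt = os.urandom(16)
    return salt, _derive(raw, salt)


def check_password(candidate: str, record: tuple[bytes, bytes]) -> bool:
    """Verify a login attempt, refusing oversized input before hashing."""
    raw = candidate.encode("utf-8")
    # The length is measured in bytes, after encoding and before any KDF
    # work: the hash function consumes bytes, not characters.
    if len(raw) > MAX_PASSWORD_BYTES:
        return False
    salt, expected = record
    # Constant-time comparison of the derived key against the stored one.
    return hmac.compare_digest(_derive(raw, salt), expected)
```

The same bound belongs on every path that hashes user-supplied passwords (login, password change, registration), alongside a request body size limit at the web server.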