CVE-2013-1443
Published: 20 September 2013
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed.
Priority
Status
Package | Release | Status |
---|---|---|
python-django Launchpad, Ubuntu, Debian |
upstream |
Released
(1.5.4)
|
lucid |
Released
(1.1.1-2ubuntu1.9)
|
|
precise |
Released
(1.3.1-4ubuntu1.8)
|
|
quantal |
Released
(1.4.1-2ubuntu0.4)
|
|
raring |
Released
(1.4.5-1ubuntu0.1)
|
|
Patches: upstream: https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc (1.5) upstream: https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368 (1.4) upstream: https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714 (1.4) |