PublicDate: 2008-09-04 17:41:00 UTC
Candidate: CVE-2008-3909
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3909
Description:
 The administration application in Django 0.91, 0.95, and 0.96 stores
 unauthenticated HTTP POST requests and processes them after successful
 authentication occurs, which allows remote attackers to conduct cross-site
 request forgery (CSRF) attacks and delete or modify data via unspecified
 requests.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_python-django:
 other: http://www.djangoproject.com/weblog/2008/sep/02/security/
upstream_python-django: released (0.96.3)
dapper_python-django: DNE
feisty_python-django: needed (reached end-of-life)
gutsy_python-django: needed (reached end-of-life)
hardy_python-django: ignored (reached end-of-life)
intrepid_python-django: not-affected (1.0-1ubuntu1)
jaunty_python-django: not-affected (1.0-1ubuntu1)
karmic_python-django: not-affected (1.0-1ubuntu1)
lucid_python-django: not-affected (1.0-1ubuntu1)
maverick_python-django: not-affected (1.0-1ubuntu1)
natty_python-django: not-affected (1.0-1ubuntu1)
oneiric_python-django: not-affected (1.0-1ubuntu1)
devel_python-django: not-affected (1.0-1ubuntu1)