Candidate: CVE-2009-2659
PublicDate: 2009-08-04 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2659
Description:
 The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96
 does not properly map URL requests to expected "static media files," which
 allows remote attackers to conduct directory traversal attacks and read
 arbitrary files via a crafted URL.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_python-django:
 upstream: http://www.djangoproject.com/weblog/2009/jul/28/security/
 debdiff: https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/408825
upstream_python-django: released (1.0.3, 1.1)
dapper_python-django: DNE
hardy_python-django: ignored (reached end-of-life)
intrepid_python-django: needed (reached end-of-life)
jaunty_python-django: released (1.0.2-1ubuntu0.1)
karmic_python-django: not-affected (1.1-1)
lucid_python-django: not-affected (1.1-1)
maverick_python-django: not-affected (1.1-1)
natty_python-django: not-affected (1.1-1)
oneiric_python-django: not-affected (1.1-1)
devel_python-django: not-affected (1.1-1)