PublicDateAtUSN: 2014-04-22
Candidate: CVE-2014-0474
PublicDate: 2014-04-23 15:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0474
 https://www.djangoproject.com/weblog/2014/apr/21/security/
 https://ubuntu.com/security/notices/USN-2169-1
Description:
 The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField
 model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x
 before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type
 conversion, which allows remote attackers to have unspecified impact and
 vectors, related to "MySQL typecasting."
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1309784
Priority: medium
Discovered-by: Michael Koziarski
Assigned-to: mdeslaur
CVSS: 

Patches_python-django:
upstream_python-django: released (1.4.11,1.5.6,1.6.3)
lucid_python-django: released (1.1.1-2ubuntu1.10)
precise_python-django: released (1.3.1-4ubuntu1.9)
quantal_python-django: released (1.4.1-2ubuntu0.5)
saucy_python-django: released (1.5.4-1ubuntu1.1)
trusty_python-django: released (1.6.1-2ubuntu0.1)
trusty/esm_python-django: released (1.6.1-2ubuntu0.1)
devel_python-django: DNE