PublicDateAtUSN: 2014-08-26
Candidate: CVE-2014-0481
PublicDate: 2014-08-26 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0481
 https://www.djangoproject.com/weblog/2014/aug/20/security/
 https://ubuntu.com/security/notices/USN-2347-1
Description:
 The default configuration for the file upload handling system in Django
 before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before
 release candidate 3 uses a sequential file name generation process when a
 file with a conflicting name is uploaded, which allows remote attackers to
 cause a denial of service (CPU consumption) by unloading a multiple files
 with the same name.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: David Wilson
Assigned-to: mdeslaur
CVSS: 

Patches_python-django:
 upstream: https://github.com/django/django/commit/30042d475bf084c6723c6217a21598d9247a9c41 (1.4)
 upstream: https://github.com/django/django/commit/dd0c3f4ee1a30c1a1e6055061c6ba6e58c6b54d1 (1.6)
upstream_python-django: released (1.6.6-1)
lucid_python-django: released (1.1.1-2ubuntu1.13)
precise_python-django: released (1.3.1-4ubuntu1.12)
trusty_python-django: released (1.6.1-2ubuntu0.4)
trusty/esm_python-django: released (1.6.1-2ubuntu0.4)
devel_python-django: not-affected (1.6.6-1)