CVE-2016-9013

Priority
Medium
Description
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3
use a hardcoded password for a temporary database user created when running
tests with an Oracle database, which makes it easier for remote attackers
to obtain access to the database server by leveraging failure to manually
specify a password in the database settings TEST dictionary.
Assigned-to
mdeslaur
Package
Upstream: released (1.10.3, 1.9.11, 1.8.16)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.6.1-2ubuntu0.16)
Ubuntu 16.04 LTS (Xenial Xerus): released (1.8.7-1ubuntu5.4)
Updated: 2018-06-26 05:00:57 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)