CVE-2016-9013

Priority
Description
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3
use a hardcoded password for a temporary database user created when running
tests with an Oracle database, which makes it easier for remote attackers
to obtain access to the database server by leveraging failure to manually
specify a password in the database settings TEST dictionary.
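
The condition in the description can be checked against a project's settings. The sketch below is an added example, not code from Django or from this tracker; the function names and the sample `DATABASES` mapping are constructed for illustration, and it assumes plain upstream version strings such as `1.9.4`.

```python
# Added example: flag Oracle databases that rely on the hardcoded test-user password.
ORACLE_ENGINE = "django.db.backends.oracle"

# First fixed release per series, taken from the description above.
FIXED_IN = {(1, 8): (1, 8, 16), (1, 9): (1, 9, 11), (1, 10): (1, 10, 3)}


def parse_version(text):
    """Turn '1.9.4' into (1, 9, 4); missing parts count as 0."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def version_is_affected(text):
    """True if the version is in a listed series and older than its fix."""
    version = parse_version(text)
    fixed = FIXED_IN.get(version[:2])
    return fixed is not None and version < fixed


def oracle_aliases_without_test_password(databases):
    """Return aliases of Oracle databases whose TEST dict sets no PASSWORD."""
    findings = []
    for alias, conf in sorted(databases.items()):
        if conf.get("ENGINE") != ORACLE_ENGINE:
            continue
        test_conf = conf.get("TEST") or {}
        if not test_conf.get("PASSWORD"):
            findings.append(alias)
    return findings


def audit(django_version, databases):
    """Aliases exposed to the hardcoded test-user password, or [] if none."""
    if not version_is_affected(django_version):
        return []
    return oracle_aliases_without_test_password(databases)


# Constructed sample settings (not from any real project).
SAMPLE_DATABASES = {
    "default": {"ENGINE": ORACLE_ENGINE, "NAME": "xe", "TEST": {"USER": "test_app"}},
    "reports": {"ENGINE": ORACLE_ENGINE, "NAME": "xe",
                "TEST": {"USER": "test_reports", "PASSWORD": "set-from-secret-store"}},
    "cache": {"ENGINE": "django.db.backends.sqlite3", "NAME": ":memory:"},
}

if __name__ == "__main__":
    for version in ("1.9.4", "1.9.11"):
        print(version, audit(version, SAMPLE_DATABASES))
```

Distribution packages carry the fix under their own version numbers (see the release status below), so compare the installed package version against those entries rather than passing it to `version_is_affected`.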
Assigned-to
mdeslaur
Package
Upstream: released (1.10.3, 1.9.11, 1.8.16)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.6.1-2ubuntu0.16)
Ubuntu 16.04 LTS (Xenial Xerus): released (1.8.7-1ubuntu5.4)
Updated: 2018-10-31 21:24:44 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)