1
PublicDateAtUSN: 2011-10-19
2
Candidate: CVE-2011-4137
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4137
6
https://usn.ubuntu.com/usn/usn-1297-1
8
The verify_exists functionality in the URLField implementation in Django
9
before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt
10
access to an arbitrary URL with no timeout, which allows remote attackers
11
to cause a denial of service (resource consumption) via a URL associated
12
with (1) a slow response, (2) a completed TCP connection with no
13
application data sent, or (3) a large amount of application data, a related
14
issue to CVE-2011-1521.
19
Discovered-by: Paul McMillan
22
Patches_python-django:
23
upstream: https://code.djangoproject.com/changeset/16766 (1.2)
24
upstream: https://code.djangoproject.com/changeset/16763 (1.3)
25
upstream_python-django: released (1.3.1-1)
26
hardy_python-django: ignored (reached end-of-life)
27
lucid_python-django: released (1.1.1-2ubuntu1.4)
28
maverick_python-django: released (1.2.3-1ubuntu0.2.10.10.3)
29
natty_python-django: released (1.2.5-1ubuntu1.1)
30
oneiric_python-django: released (1.3-2ubuntu1.1)
31
devel_python-django: not-affected (1.3.1-1ubuntu1)