1
PublicDateAtUSN: 2011-10-19
2
Candidate: CVE-2011-4138
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4138
6
https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
7
https://usn.ubuntu.com/usn/usn-1297-1
9
The verify_exists functionality in the URLField implementation in Django
10
before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity
11
through a HEAD request, but then uses a GET request for the new target URL
12
in the case of a redirect, which might allow remote attackers to trigger
13
arbitrary GET requests with an unintended source IP address via a crafted
19
Discovered-by: Paul McMillan
22
Patches_python-django:
23
upstream: https://code.djangoproject.com/changeset/16766 (1.2)
24
upstream: https://code.djangoproject.com/changeset/16763 (1.3)
25
upstream_python-django: released (1.3.1-1)
26
hardy_python-django: ignored (reached end-of-life)
27
lucid_python-django: released (1.1.1-2ubuntu1.4)
28
maverick_python-django: released (1.2.3-1ubuntu0.2.10.10.3)
29
natty_python-django: released (1.2.5-1ubuntu1.1)
30
oneiric_python-django: released (1.3-2ubuntu1.1)
31
devel_python-django: not-affected (1.3.1-1ubuntu1)