PublicDateAtUSN: 2012-07-31
Candidate: CVE-2012-3444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3444
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
http://www.openwall.com/lists/oss-security/2012/07/31/1
http://www.openwall.com/lists/oss-security/2012/07/31/2
https://usn.ubuntu.com/usn/usn-1560-1
The get_image_dimensions function in the image-handling functionality in
Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in
all attempts to determine dimensions, which allows remote attackers to
cause a denial of service (process or thread consumption) via a large TIFF
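As an added illustration (not Django's code and not part of this record), the following Python contrasts the constant-chunk read loop the description refers to with the chunk-doubling loop used by the upstream fix. The parser class is a constructed stand-in for PIL's incremental parser, assumed to report dimensions only after it has seen the whole file, which is the worst case the description targets.

```python
import io

class LateMetadataParser:
    """Constructed stand-in for an incremental image parser (e.g. PIL's
    ImageFile.Parser): dimensions become known only once `total` bytes have
    been fed, the worst case for formats whose metadata sits at the end."""
    def __init__(self, total, size=(640, 480)):
        self.total, self.seen, self.size = total, 0, size
        self.image_size = None

    def feed(self, data):
        self.seen += len(data)
        if self.seen >= self.total:
            self.image_size = self.size

def dimensions_constant_chunk(f, parser, chunk_size=1024):
    """Pattern described by CVE-2012-3444: every read() uses the same chunk
    size, so a large file costs O(file_size / chunk_size) read+feed rounds."""
    reads = 0
    while True:
        data = f.read(chunk_size)
        if not data:
            return None, reads
        reads += 1
        parser.feed(data)
        if parser.image_size:
            return parser.image_size, reads

def dimensions_growing_chunk(f, parser, chunk_size=1024):
    """Remediated pattern: double the chunk size after each unsuccessful
    attempt, bounding the rounds to O(log(file_size))."""
    reads = 0
    while True:
        data = f.read(chunk_size)
        if not data:
            return None, reads
        reads += 1
        parser.feed(data)
        if parser.image_size:
            return parser.image_size, reads
        chunk_size *= 2

def compare(file_size):
    """Run both strategies over a constructed blob of file_size zero bytes and
    return ((size, reads) for constant chunks, (size, reads) for growing)."""
    blob = b"\x00" * file_size
    constant = dimensions_constant_chunk(io.BytesIO(blob), LateMetadataParser(file_size))
    growing = dimensions_growing_chunk(io.BytesIO(blob), LateMetadataParser(file_size))
    return constant, growing
```

For a 1 MB input the constant-chunk loop performs 977 read/feed rounds while the doubling loop needs 10, which is the cost difference the fix removes.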
mdeslaur> possible regression, see LP: #1031733
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683364
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1031733
Discovered-by: Jeroen Dekkers
Patches_python-django:
vendor: http://www.debian.org/security/2012/dsa-2529
upstream: https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446
upstream_python-django: released (1.3.2,1.4.1)
hardy_python-django: ignored (reached end-of-life)
lucid_python-django: released (1.1.1-2ubuntu1.5)
natty_python-django: released (1.2.5-1ubuntu1.2)
oneiric_python-django: released (1.3-2ubuntu1.3)
precise_python-django: released (1.3.1-4ubuntu1.2)
devel_python-django: not-affected (1.4.1-1)