PublicDateAtUSN: 2013-02-19
Candidate: CVE-2013-1665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
https://www.djangoproject.com/weblog/2013/feb/19/security/
https://usn.ubuntu.com/usn/usn-1730-1
https://usn.ubuntu.com/usn/usn-1757-1
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in
OpenStack Keystone Essex and Folsom, Django, and possibly other products
allow remote attackers to read arbitrary files via an XML external entity
declaration in conjunction with an entity reference, aka an XML External
jdstrand> Keystone on 11.10 is a pre-release version and unusable with other
components such as nova and horizon
https://bugs.launchpad.net/keystone/+bug/1100279
https://bugs.launchpad.net/bugs/1130445
Discovered-by: Jonathan Murray
upstream_keystone: pending (2013.1~g3)
oneiric_keystone: ignored
precise_keystone: released (2012.1+stable~20120824-a16a0ab9-0ubuntu2.5)
quantal_keystone: released (2012.2.1-0ubuntu1.2)
devel_keystone: not-affected (2013.1.g3-0ubuntu1)
Patches_python-django:
upstream: https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40 (1.4)
upstream: https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112 (1.3)
vendor: http://www.debian.org/security/2013/dsa-2634
upstream_python-django: released (1.4.5-1)
hardy_python-django: ignored (reached end-of-life)
lucid_python-django: released (1.1.1-2ubuntu1.8)
oneiric_python-django: released (1.3-2ubuntu1.6)
precise_python-django: released (1.3.1-4ubuntu1.6)
quantal_python-django: released (1.4.1-2ubuntu0.3)
devel_python-django: not-affected (1.4.5-1)