1
PublicDateAtUSN: 2015-11-24 17:00:00
2
Candidate: CVE-2015-8213
3
CRD: 2015-11-24 17:00:00
6
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8213
7
https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
8
https://usn.ubuntu.com/usn/usn-2816-1
10
The get_format function in utils/formats.py in Django before 1.7.x before
11
1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote
12
attackers to obtain sensitive application secrets via a settings key in
13
place of a date/time format setting, as demonstrated by SECRET_KEY.
18
Discovered-by: Ryan Butterfield
21
Patches_python-django:
22
upstream_python-django: released (1.8.7,1.7.11)
23
precise_python-django: released (1.3.1-4ubuntu1.19)
24
trusty_python-django: released (1.6.1-2ubuntu0.11)
25
vivid_python-django: released (1.7.6-1ubuntu2.3)
26
wily_python-django: released (1.7.9-1ubuntu5.1)
27
devel_python-django: released (1.8.7-1ubuntu1)