Bug 840518 (CVE-2013-1443) - VUL-0: CVE-2013-1443: python-django: denial-of-service via large passwords
Summary: VUL-0: CVE-2013-1443: python-django: denial-of-service via large passwords
Status: RESOLVED FIXED
Alias: CVE-2013-1443
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Reported: 2013-09-16 09:17 UTC by Alexander Bergmann
Modified: 2014-04-24 07:25 UTC
Description Alexander Bergmann 2013-09-16 09:17:01 UTC
Public via oss-security.

Date: Sun, 15 Sep 2013 21:46:44 +0200
From: Salvatore Bonaccorso
Subject: [oss-security] [notification] django: CVE-2013-1443: denial-of-service via large passwords

Django released a new advisory for a denial-of-service via large
passwords [1].

This is a short notice to avoid possible duplications of a CVE. The
Debian Security Team was asked shortly before the advisory release for
a CVE, and CVE-2013-1443 got assigned to this issue today.

 [1] https://www.djangoproject.com/weblog/2013/sep/15/security/
Comment 1 Swamp Workflow Management 2013-09-16 22:00:25 UTC
bugbot adjusting priority
Comment 2 Sascha Peilicke 2013-09-17 15:36:48 UTC
sr#840518
Comment 3 Sascha Peilicke 2013-09-17 15:44:30 UTC
sr#28769 (IBS)
Comment 4 Swamp Workflow Management 2013-11-15 18:05:56 UTC
openSUSE-SU-2013:1685-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 840518
CVE References: CVE-2013-1443
Sources used:
openSUSE 13.1 (src):    python-django-1.5.5-2.4.1
Comment 5 Alexander Bergmann 2014-04-24 07:25:06 UTC
CVE-2013-1443 was fixed with the following releases:

Django 1.6 beta 4
Django 1.5.4
Django 1.4.8

All maintained SLE and openSUSE versions are not vulnerable to this issue.

openSUSE:12.3:Update          :      1.4.8
openSUSE:13.1:Update          :      1.5.5

sle11/SP3-UPDATES             :      1.4.8
sle11/SP3-UPDATE-PRODUCTS     :      1.5.4

Released and fixed. Closing bug.