[SECURITY] Fedora EPEL 4 Update: Django-1.1.1-1.el4

updates at fedoraproject.org
Fri Oct 16 19:30:48 UTC 2009


--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0617
2009-10-10 20:11:56
--------------------------------------------------------------------------------

Name        : Django
Product     : Fedora EPEL 4
Version     : 1.1.1
Release     : 1.el4
URL         : http://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

http://www.djangoproject.com/weblog/2009/oct/09/security/

Description of vulnerability
============================

Django's forms library included field types which perform
regular-expression-based validation of email addresses and URLs. Certain
addresses/URLs could trigger a pathological performance case in this regular
expression, resulting in the server process/thread becoming unresponsive, and
consuming excessive CPU over an extended period of time. If deliberately
triggered, this could result in an effective denial-of-service attack.
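
The failure mode described above, as an added example (not part of the advisory and not Django's code): a regression check that flags a validation regex whose match time explodes on input that almost matches. Both patterns, the example.com suffix and all function names are constructed for illustration.

```python
import re
import time

# Constructed patterns for illustration; neither is Django's validator regex.
NESTED = re.compile(r"^([a-z0-9]+)+@example\.com$")  # quantifier inside a quantifier
FLAT = re.compile(r"^[a-z0-9]+@example\.com$")       # accepts the same strings, one level


def near_miss(n):
    """Constructed input: n valid characters, then one that forces the match to fail."""
    return "a" * n + "!"


def cost(pattern, n, repeats=5):
    """Best-of-N wall time for one failed match, floored at 1 microsecond to damp timer noise."""
    text = near_miss(n)
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.match(text)
        best = min(best, time.perf_counter() - start)
    return max(best, 1e-6)


def growth(pattern, small=12, large=18):
    """How many times slower the failed match gets when the input grows by 6 characters."""
    return cost(pattern, large) / cost(pattern, small)


def is_pathological(pattern, threshold=8.0):
    """Flag a validator whose cost grows far faster than its input length."""
    return growth(pattern) > threshold


if __name__ == "__main__":
    for name, pat in (("nested", NESTED), ("flat", FLAT)):
        print(name, "growth x%.1f" % growth(pat), "pathological:", is_pathological(pat))
```

Run against a project's own validation patterns in a test suite, a check like this catches a backtracking regression before it reaches a request handler.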
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #528246 - Django's forms DOS in 1.1/1.0
        https://bugzilla.redhat.com/show_bug.cgi?id=528246
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update Django' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

