CVE 2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
Related bugs and status
CVE-2013-1665 (Candidate) is related to these bugs:
Bug #1089337: Please backport Django 1.3.5/1.4.3 security updates
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Lucid) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Oneiric) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Raring) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Precise) | Medium | Fix Released | ||
| 1089337 | Please backport Django 1.3.5/1.4.3 security updates | python-django (Ubuntu Quantal) | Medium | Fix Released | ||
Bug #1100279: [OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1100279 | [OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665) | OpenStack Identity (keystone) | High | Fix Released | ||
| 1100279 | [OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665) | OpenStack Identity (keystone) essex | High | Fix Released | ||
| 1100279 | [OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665) | OpenStack Identity (keystone) folsom | High | Fix Released | ||
| 1100279 | [OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665) | OpenStack Security Advisory | Undecided | Fix Released | ||
Bug #1116671: Meta bug for tracking Openstack 2012.2.3 Stable Update
Bug #1130445: Security releases issued - Django 1.3.6, Django 1.4.4
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Lucid) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Oneiric) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Quantal) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Raring) | Medium | Fix Released | ||
| 1130445 | Security releases issued - Django 1.3.6, Django 1.4.4 | python-django (Ubuntu Precise) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
