Launchpad CVE tracker

CVE 2015-0221

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.

Related bugs and status

CVE-2015-0221 (Candidate) is related to these bugs:

Bug #1417274: CVE-2015-0221 backport broke serving static content through GZipMiddleware

		In	Importance	Status
1417274	CVE-2015-0221 backport broke serving static content through GZipMiddleware	python-django (Ubuntu)	Undecided	Invalid
1417274	CVE-2015-0221 backport broke serving static content through GZipMiddleware	python-django (Ubuntu Precise)	Undecided	Fix Released
1417274	CVE-2015-0221 backport broke serving static content through GZipMiddleware	python-django (Ubuntu Lucid)	Undecided	Fix Released

Bug #1644346: SRU update Trusty to Python Django 1.6.11

Summary				In	Importance	Status
	1644346	SRU update Trusty to Python Django 1.6.11		python-django (Ubuntu)	Medium	Invalid
	1644346	SRU update Trusty to Python Django 1.6.11		python-django (Ubuntu Trusty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.djangoproj...
UBUNTU: USN-2469-1
SECUNIA: 62285
SECUNIA: 62309
SECUNIA: 62718
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:036
MANDRIVA: MDVSA-2015:109
SUSE: openSUSE-SU-2015:0643
FEDORA: FEDORA-2015-0714
FEDORA: FEDORA-2015-0790
FEDORA: FEDORA-2015-0804
SUSE: openSUSE-SU-2015:1598

Launchpad.net

CVE 2015-0221

Related bugs and status

Related bugs

References