Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-0222

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.

Related bugs and status

CVE-2015-0222 (Candidate) is related to these bugs:

Bug #1644346: SRU update Trusty to Python Django 1.6.11

Summary				In	Importance	Status
	1644346	SRU update Trusty to Python Django 1.6.11		python-django (Ubuntu)	Medium	Invalid
	1644346	SRU update Trusty to Python Django 1.6.11		python-django (Ubuntu Trusty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.djangoproj...
UBUNTU: USN-2469-1
SECUNIA: 62285
SECUNIA: 62309
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:109
SUSE: openSUSE-SU-2015:0643
FEDORA: FEDORA-2015-0714
FEDORA: FEDORA-2015-0790
FEDORA: FEDORA-2015-0804
SUSE: openSUSE-SU-2015:1598