Package: python-django
Version: 1.0.2-1+lenny1
Severity: serious
Tags: security

> Django's forms library included field types which perform
> regular-expression based validation of email addresses and URLs. Certain
> addresses/URLs could trigger a pathological performance case in this
> regular expression, resulting in the server process/thread becoming
> unresponsive, and consuming excessive CPU over an extended period of time.
> If deliberately triggered, this could result in an effective
> denial-of-service attack.

[..]

> This issue was disclosed publicly by a third party on a high-traffic
> mailing list, and attempts have been made to exploit it against live Django
> installations.

  <http://www.djangoproject.com/weblog/2009/oct/09/security/>

Does not affect unstable (once 1.1.1-1 lands).


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org
       `-
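
Added example, not part of the original report and not Django's code: the kind of pathological regular-expression case the quoted advisory describes, shown with a constructed hostname pattern beside a linear-time rewrite behind a length cap. FRAGILE, HARDENED, MAX_LEN, validate_host and time_match are illustrative names, and neither pattern is the regex Django shipped.

```python
import re
import time

# Constructed patterns for illustration; neither is Django's actual regex.
# FRAGILE: the nested quantifier "([a-z0-9]+-?)+" lets a run of letters be
# split between iterations in exponentially many ways once the match fails.
FRAGILE = re.compile(r"^([a-z0-9]+-?)+\.com$")
# HARDENED: the "-" between labels is mandatory, so every character can be
# consumed in exactly one way and a failed match costs linear time.
HARDENED = re.compile(r"[a-z0-9]+(-[a-z0-9]+)*\.com")
MAX_LEN = 253  # assumed cap; oversized input is rejected before any regex runs


def validate_host(value: str) -> bool:
    """Length-capped validation using the linear-time pattern."""
    if len(value) > MAX_LEN:
        return False
    return HARDENED.fullmatch(value) is not None


def time_match(pattern: re.Pattern, value: str) -> float:
    """Seconds spent on a single full-match attempt."""
    start = time.perf_counter()
    pattern.fullmatch(value)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed non-matching input: a run of letters followed by a character
    # that forces the match to fail. Kept short so the comparison finishes
    # quickly; the fragile timing roughly doubles with each added letter.
    for n in (14, 16, 18, 20):
        probe = "a" * n + "!"
        print(f"n={n:2d} fragile={time_match(FRAGILE, probe):.4f}s "
              f"hardened={time_match(HARDENED, probe):.6f}s")
```

The same timing comparison works as a regression check for any validator pattern: time a failing input at a few lengths and confirm the cost grows linearly.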