On Fri, 2009-10-09 at 12:21 -0700, davisd wrote:
> Sorry for the public disclosure... I did email django security after
> I posted. I'm just getting into this open source goodness and I'm not
> really sure how it's supposed to operate yet.
>
> I did consult the documentation:
> http://docs.djangoproject.com/en/dev/internals/contributing/
>
> Jacob:
> I'm running django from SVN
> Python 2.6.2
> I believe the Operating system is moot- it's all in the python.
> Linux kernel 2.6.31-11, but also 2.6.18.8 -
>
> I'm wondering if a multithreaded webserver setup would be more guarded
> against this sort of thing?
>
This bug has no effect on FreeBSD systems I've tested, so it looks like
it is OS specific.
FreeBSD 7.0, 7.1, 7.2 + python 2.5.4 work fine.
> $ time python -c "from django.forms.fields import email_re;
> email_re.match('viewx3dtextx26q...@yahoo.comx26latlngx3d15854521645943074058');
> import django; print django.VERSION"
(1, 1, 0, 'final', 0)
real 0m0.086s
user 0m0.055s
sys 0m0.029s
Linux 2.6.27 + python 2.5.4 fails.
> $ time python -c "from django.forms.fields import email_re;
> email_re.match('viewx3dtextx26q...@yahoo.comx26latlngx3d15854521645943074058');
> import django; print django.VERSION"
^CTraceback (most recent call last):
File "<string>", line 1, in <module>
KeyboardInterrupt
real 0m21.317s
user 0m21.173s
sys 0m0.044s
Cheers
Tom
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
