CVE-2013-0305

Published: 20 February 2013

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

Notes

Author: jdstrand
Note: requires access to the admin interface

Priority

Low

Status

Package: python-django (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Ignored (end of life)
lucid      Released (1.1.1-2ubuntu1.8)
oneiric    Released (1.3-2ubuntu1.6)
precise    Released (1.3.1-4ubuntu1.6)
quantal    Released (1.4.1-2ubuntu0.3)
upstream   Released (1.4.4-1)

Patches:
upstream: https://github.com/django/django/commit/0e7861aec73702f7933ce2a93056f7983939f0d6
upstream: https://github.com/django/django/commit/d3a45e10c8ac8268899999129daa27652ec0da35
vendor: http://www.debian.org/security/2013/dsa-2634