Summary: | dev-python/django-1.4.8 : "authenticate()" User Enumeration Weakness | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/54197/ | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 484984 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2013-07-27 09:29:33 UTC
Waiting on decision of whether this requires a CVE. Patch available from upstream at [1]. [1] https://code.djangoproject.com/attachment/ticket/20760/20760_fix_hash_once.diff Patch merged upstream, available at [1]. [1] https://github.com/django/django/commit/5b47a9c5a0dcb513dc5ff68b617b3aa374c90f3b |