CVE-2013-0305
Publication date 20 February 2013
Last updated 24 July 2024
Ubuntu priority
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
Status
Package | Ubuntu Release | Status |
---|---|---|
python-django | 12.10 quantal |
Fixed 1.4.1-2ubuntu0.3
|
12.04 LTS precise |
Fixed 1.3.1-4ubuntu1.6
|
|
11.10 oneiric |
Fixed 1.3-2ubuntu1.6
|
|
10.04 LTS lucid |
Fixed 1.1.1-2ubuntu1.8
|
|
8.04 LTS hardy | Ignored end of life |
Notes
Patch details
Package | Patch details |
---|---|
python-django |
|
References
Related Ubuntu Security Notices (USN)
- USN-1757-1
- Django vulnerabilities
- 7 March 2013