CVE-2015-5144

Publication date 8 July 2015

Last updated 24 July 2024


Ubuntu priority

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Status

Package Ubuntu Release Status
python-django 15.04 vivid
Fixed 1.7.6-1ubuntu2.1
14.10 utopic
Fixed 1.6.6-1ubuntu2.3
14.04 LTS trusty
Fixed 1.6.1-2ubuntu0.9
12.04 LTS precise
Fixed 1.3.1-4ubuntu1.17

References

Related Ubuntu Security Notices (USN)

Other references