CVE-2015-5964

Publication date 18 August 2015

Last updated 24 July 2024

Ubuntu priority

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-django	15.04 vivid	Fixed 1.7.6-1ubuntu2.2
	14.04 LTS trusty	Fixed 1.6.1-2ubuntu0.10
	12.04 LTS precise	Fixed 1.3.1-4ubuntu1.18

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2720-1
Django vulnerability
18 August 2015

Other references

https://www.cve.org/CVERecord?id=CVE-2015-5964