Fedora 11 Update: Django-1.1.1-1.fc11
Summary
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
Update Information:
http://www.djangoproject.com/weblog/2009/oct/09/security/

Description of vulnerability
============================
Django's forms library included field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological performance case in this regular expression, resulting in the server process/thread becoming unresponsive, and consuming excessive CPU over an extended period of time. If deliberately triggered, this could result in an effective denial-of-service attack.
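The following is an added example, not part of the Fedora advisory or of Django's code: a Python timing check that a reviewer can run over a validation regex to see whether match time grows far faster than input length, which is the "pathological performance case" described above. Both patterns and the helper names are constructed for illustration and are not Django's validators.

```python
import re
import time

# Constructed patterns for illustration; neither is Django's actual validator.
# AMBIGUOUS nests "[a-z0-9]+" under "+" with an optional separator, so a run of
# n letters can be split into labels in 2**(n-1) ways.
AMBIGUOUS = re.compile(r"^([a-z0-9]+\.?)+@example\.com$")
# UNAMBIGUOUS makes the separator mandatory between labels, leaving one way to
# split the local part, so a non-matching input is rejected in linear time.
UNAMBIGUOUS = re.compile(r"^[a-z0-9]+(\.[a-z0-9]+)*@example\.com$")


def match_seconds(pattern, text, repeats=3):
    """Best-of-N wall-clock time for a single match attempt."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.match(text)
        best = min(best, time.perf_counter() - start)
    return best


def growth(pattern, short=12, long=18):
    """Return (time ratio, long-input time) for inputs that cannot match."""
    # The inputs lack "@", so a backtracking engine tries every split before failing.
    t_short = match_seconds(pattern, "a" * short)
    t_long = match_seconds(pattern, "a" * long)
    return t_long / max(t_short, 1e-9), t_long


def is_pathological(pattern, threshold=8.0, floor=1e-3):
    """Flag patterns whose cost outgrows a 1.5x longer input by a wide margin."""
    ratio, t_long = growth(pattern)
    # The absolute floor keeps timer noise on microsecond matches from tripping it.
    return ratio > threshold and t_long > floor


if __name__ == "__main__":
    for name, pat in (("ambiguous", AMBIGUOUS), ("unambiguous", UNAMBIGUOUS)):
        ratio, t_long = growth(pat)
        print(f"{name}: x{ratio:.1f} growth, {t_long * 1e3:.3f} ms at 18 chars, "
              f"pathological={is_pathological(pat)}")
```

The probe lengths are kept small so the check finishes quickly; the thresholds are assumptions to tune for the regex engine and hardware in use.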
Change Log
* Fri Oct 9 2009 Steve 'Ashcrow' Milner
References
[ 1 ] Bug #528246 - Django's forms DOS in 1.1/1.0 https://bugzilla.redhat.com/show_bug.cgi?id=528246
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update Django' at the command line. For more information, refer to "Managing Software with yum", available at .