CVE-2012-4520

Publication date 30 October 2012

Last updated 24 July 2024


Ubuntu priority

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

Read the notes from the security team

Status

Package Ubuntu Release Status
python-django 12.10 quantal
Fixed 1.4.1-2ubuntu0.1
12.04 LTS precise
Fixed 1.3.1-4ubuntu1.3
11.10 oneiric
Fixed 1.3-2ubuntu1.4
10.04 LTS lucid
Fixed 1.1.1-2ubuntu1.6
8.04 LTS hardy Ignored end of life

Notes


jdstrand

fix introduced LP: #1080204

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
python-django