CVE-2013-1665
Published: 19 February 2013
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
Notes
| Author | Note |
|---|---|
| jdstrand | Keystone on 11.10 is a pre-release version and unusable with other components such as nova and horizon |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
keystone Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Ignored
|
|
| precise |
Released
(2012.1+stable~20120824-a16a0ab9-0ubuntu2.5)
|
|
| quantal |
Released
(2012.2.1-0ubuntu1.2)
|
|
| upstream |
Pending
(2013.1~g3)
|
|
|
python-django Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Released
(1.1.1-2ubuntu1.8)
|
|
| oneiric |
Released
(1.3-2ubuntu1.6)
|
|
| precise |
Released
(1.3.1-4ubuntu1.6)
|
|
| quantal |
Released
(1.4.1-2ubuntu0.3)
|
|
| upstream |
Released
(1.4.5-1)
|
|
|
Patches: upstream: https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40 upstream: https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112 vendor: http://www.debian.org/security/2013/dsa-2634 |
||