CVE-2015-8213

Publication date 24 November 2015

Last updated 24 July 2024

Ubuntu priority

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-django	15.10 wily	Fixed 1.7.9-1ubuntu5.1
	15.04 vivid	Fixed 1.7.6-1ubuntu2.3
	14.04 LTS trusty	Fixed 1.6.1-2ubuntu0.11
	12.04 LTS precise	Fixed 1.3.1-4ubuntu1.19

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2816-1
Django vulnerability
24 November 2015

Other references

https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
https://www.cve.org/CVERecord?id=CVE-2015-8213