Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.8.7-1ubuntu5.11", "binary_name": "python-django" }, { "binary_version": "1.8.7-1ubuntu5.11", "binary_name": "python-django-common" }, { "binary_version": "1.8.7-1ubuntu5.11", "binary_name": "python-django-doc" }, { "binary_version": "1.8.7-1ubuntu5.11", "binary_name": "python3-django" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:1.11.11-1ubuntu1.6", "binary_name": "python-django" }, { "binary_version": "1:1.11.11-1ubuntu1.6", "binary_name": "python-django-common" }, { "binary_version": "1:1.11.11-1ubuntu1.6", "binary_name": "python-django-doc" }, { "binary_version": "1:1.11.11-1ubuntu1.6", "binary_name": "python3-django" } ] }