Ubuntu Security Notice 1967-1 - It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. It was discovered that the Django is_safe_url utility function did not restrict redirects to certain schemes. An attacker could possibly use this issue to perform a cross-site scripting attack. Various other issues were also addressed.
b392b918c4a2132a058b80068ecb5d6b09912f2551f9368b0623a0e6b05f9241
Debian Linux Security Advisory 2758-1 - It was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords.
5595b282fdbea1494cb8ba11a4337119b7bf4982945bd53492ae2fbd5ce7b724