MySQL typecasting
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| python-django (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Lucid | Fix Released | Undecided | Unassigned | |
| Precise | Fix Released | Undecided | Unassigned | |
| Quantal | Fix Released | Undecided | Unassigned | |
| Saucy | Fix Released | Undecided | Unassigned | |
| Trusty | Fix Released | Undecided | Unassigned | |
Bug Description
The MySQL database is known to "typecast" on certain queries: when a
table column contains string values but the query filters it against an
integer value, MySQL does not reject the comparison. It silently coerces
each stored string to a number (using the string's leading numeric
prefix, or 0 if there is none) and evaluates the filter on that number.
A filter such as ``column = 0`` can therefore match every row whose
string does not begin with a digit, returning rows the developer never
intended to expose.
Django's model field classes are aware of their own types, and most
such classes perform explicit conversion of query arguments to the
correct database-level type before querying. However, three model
field classes did not correctly convert their arguments:
* ``FilePathField``
* ``GenericIPAddressField``
* ``IPAddressField``
These three fields have been updated to convert their arguments to the
correct types before querying.
Additionally, developers of custom model fields are now warned via
documentation to ensure their custom field classes will perform
appropriate type conversions, and users of the ``raw()`` and
``extra()`` query methods -- which allow the developer to supply raw
SQL or SQL fragments -- will be advised to ensure they perform
appropriate manual type conversions prior to executing queries.
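The following is an added illustration and is not code from the bug report, from Django, or from the Ubuntu package. It models MySQL's implicit string-to-number comparison in plain Python (the coercion rule used here, leading numeric prefix or 0, is a simplified assumption about MySQL semantics, not MySQL's own code), then contrasts a custom field whose ``get_prep_value`` passes an integer argument straight through with one that always hands the database a string, which is the shape of the fix described above. The field classes, the row data and the ``lookup`` helper are all constructed for this example.

```python
import re
from typing import Any, List

# Simplified model of MySQL's implicit string -> number conversion
# (assumption for illustration, not MySQL code): take the longest numeric
# prefix, ignore any trailing characters, and treat a string with no
# numeric prefix as 0.
_NUMERIC_PREFIX = re.compile(r"^\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?")


def mysql_string_to_number(s: str) -> float:
    """Coerce a stored string the way MySQL would before a numeric compare."""
    m = _NUMERIC_PREFIX.match(s)
    return float(m.group(0)) if m else 0.0


def mysql_equals(column_value: str, param: Any) -> bool:
    """Model of `col = ?` where `col` is a string column.

    A numeric parameter switches MySQL to numeric comparison (the
    typecasting the advisory describes); a string parameter compares
    as a string, which is what the developer expected.
    """
    if isinstance(param, bool):
        param = int(param)
    if isinstance(param, (int, float)):
        return mysql_string_to_number(column_value) == float(param)
    return column_value == str(param)


# Constructed sample contents of a string column holding IP addresses,
# plus one junk value, to show which rows a coerced filter picks up.
ROWS: List[str] = ["10.0.0.1", "192.168.0.1", "0.0.0.0", "abc", "fe80::1"]


def filter_rows(rows: List[str], param: Any) -> List[str]:
    """Rows matched by `WHERE col = param` under the model above."""
    return [r for r in rows if mysql_equals(r, param)]


class VulnerableIPAddressField:
    """Pre-fix shape: the query argument reaches the database unchanged,
    so an int supplied by the caller triggers numeric comparison."""

    def get_prep_value(self, value: Any) -> Any:
        return value


class FixedIPAddressField:
    """Post-fix shape: always hand the database a string (or NULL), so
    MySQL never has a reason to coerce the stored strings to numbers."""

    def get_prep_value(self, value: Any) -> Any:
        if value is None:
            return None
        return str(value)


def lookup(field: Any, rows: List[str], raw_arg: Any) -> List[str]:
    """Filter `rows` using whatever the field prepares from `raw_arg`.
    `raw_arg` stands in for a value that arrived as an int, e.g. from
    JSON or a raw()/extra() parameter that was never stringified."""
    return filter_rows(rows, field.get_prep_value(raw_arg))


if __name__ == "__main__":
    print("vulnerable, arg 0:", lookup(VulnerableIPAddressField(), ROWS, 0))
    print("fixed, arg 0:     ", lookup(FixedIPAddressField(), ROWS, 0))
    print("fixed, arg str:   ", lookup(FixedIPAddressField(), ROWS, "10.0.0.1"))
```

With the integer ``0`` as the filter argument, the unconverted field matches ``0.0.0.0``, ``abc`` and ``fe80::1`` (every row that coerces to 0), while the converted field matches nothing, because ``'0'`` is compared as a string. The same check applies to ``raw()`` and ``extra()`` parameters: convert them to the column's type yourself before they reach the driver.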
Information type: Private Security → Public Security
This bug was fixed in the package python-django - 1.1.1-2ubuntu1.10

---------------
python-django (1.1.1-2ubuntu1.10) lucid-security; urgency=medium

  * SECURITY UPDATE: unexpected code execution using reverse()
    (LP: #1309779)
    - debian/patches/CVE-2014-0472.patch: added filtering to
      django/core/urlresolvers.py, added tests to
      tests/regressiontests/urlpatterns_reverse/nonimported_module.py,
      tests/regressiontests/urlpatterns_reverse/tests.py,
      tests/regressiontests/urlpatterns_reverse/urls.py,
      tests/regressiontests/urlpatterns_reverse/views.py.
    - CVE-2014-0472
  * SECURITY UPDATE: caching of anonymous pages could reveal CSRF token
    (LP: #1309782)
    - debian/patches/CVE-2014-0473.patch: don't cache responses with a
      cookie in django/middleware/cache.py, backport has_vary_header() to
      django/utils/cache.py.
    - CVE-2014-0473
  * SECURITY UPDATE: MySQL typecasting issue (LP: #1309784)
    - debian/patches/CVE-2014-0474.patch: convert arguments to correct
      type in django/db/models/fields/__init__.py, added tests to
      tests/regressiontests/model_fields/tests.py.
    - CVE-2014-0474

 -- Marc Deslauriers <email address hidden>  Sat, 19 Apr 2014 11:21:00 -0400