DEBIAN-CVE-2013-1665

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2013-1665

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2013-1665.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2013-1665

Upstream

CVE-2013-1665

Published

2013-04-03T00:55:02Z

Modified

2025-09-17T19:02:51Z

Summary

[none]

Details

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

References

https://security-tracker.debian.org/tracker/CVE-2013-1665

Affected packages

Debian:11

keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2012.1.1-13

Ecosystem specific

{
    "urgency": "not yet assigned"
}

python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2012.1.1-13

Ecosystem specific

{
    "urgency": "not yet assigned"
}

python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2012.1.1-13

Ecosystem specific

{
    "urgency": "not yet assigned"
}

python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2012.1.1-13

Ecosystem specific

{
    "urgency": "not yet assigned"
}

python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}