[Secure-testing-commits] r28396 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Aug 21 04:06:36 UTC 2014


Author: carnil
Date: 2014-08-21 04:06:21 +0000 (Thu, 21 Aug 2014)
New Revision: 28396

Modified:
   data/CVE/list
Log:
Add CVEs for python-django, now public, already fixed in unstable, thanks lfarone

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-21 04:04:52 UTC (rev 28395)
+++ data/CVE/list	2014-08-21 04:06:21 UTC (rev 28396)
@@ -12156,14 +12156,18 @@
 	RESERVED
 CVE-2014-0484
 	RESERVED
-CVE-2014-0483
+CVE-2014-0483 [data leakage via querystring manipulation in admin]
 	RESERVED
-CVE-2014-0482
+	- python-django 1.6.6-1
+CVE-2014-0482 [RemoteUserMiddleware session hijacking]
 	RESERVED
-CVE-2014-0481
+	- python-django 1.6.6-1
+CVE-2014-0481 [file upload denial of service]
 	RESERVED
-CVE-2014-0480
+	- python-django 1.6.6-1
+CVE-2014-0480 reverse() can generate URLs pointing to other hosts]
 	RESERVED
+	- python-django 1.6.6-1
 CVE-2014-0479 (reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows ...)
 	{DSA-2997-1}
 	- reportbug 6.5.0+nmu1




More information about the Secure-testing-commits mailing list