[Secure-testing-commits] r35377 - data/CVE
Alessandro Ghedini
ghedo at moszumanska.debian.org
Wed Jul 8 21:46:17 UTC 2015
Author: ghedo
Date: 2015-07-08 21:46:17 +0000 (Wed, 08 Jul 2015)
New Revision: 35377
Modified:
data/CVE/list
Log:
Add python-django issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-08 21:10:15 UTC (rev 35376)
+++ data/CVE/list 2015-07-08 21:46:17 UTC (rev 35377)
@@ -678,12 +678,20 @@
NOT-FOR-US: Zoho ManageEngine SupportCenter Plus
CVE-2015-5148 (SQL injection vulnerability in LivelyCart 1.2.0 allows remote ...)
NOT-FOR-US: LivelyCart
-CVE-2015-5145
+CVE-2015-5145 [denial-of-service possibility in URL validation]
RESERVED
-CVE-2015-5144
+ - python-django <unfixed>
+ [jessie] - python-django <not-affected> (Vulnerable code not present)
+ [wheezy] - python-django <not-affected> (Vulnerable code not present)
+ NOTE: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
+CVE-2015-5144 [header injection possibility since validators accept newlines in input]
RESERVED
-CVE-2015-5143
+ - python-django <unfixed>
+ NOTE: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
+CVE-2015-5143 [denial-of-service possibility by filling session store]
RESERVED
+ - python-django <unfixed>
+ NOTE: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
CVE-2015-5142
RESERVED
CVE-2015-5141
More information about the Secure-testing-commits
mailing list