[Secure-testing-commits] r32980 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Mar 19 06:15:21 UTC 2015
Author: carnil
Date: 2015-03-19 06:15:21 +0000 (Thu, 19 Mar 2015)
New Revision: 32980
Modified:
data/CVE/list
Log:
Add two python-django CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-19 05:57:11 UTC (rev 32979)
+++ data/CVE/list 2015-03-19 06:15:21 UTC (rev 32980)
@@ -24,10 +24,17 @@
RESERVED
CVE-2015-2321
RESERVED
-CVE-2015-2317
+CVE-2015-2317 [Mitigated possible XSS attack via user-supplied redirect URLs]
RESERVED
-CVE-2015-2316
+ - python-django <unfixed>
+ NOTE: https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b (1.4.x)
+ NOTE: https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1 (1.7.x)
+CVE-2015-2316 [Denial-of-service possibility with strip_tags()]
RESERVED
+ - python-django <unfixed>
+ [wheezy] - python-django <not-affected> (vulnerable code not present)
+ [squeeze] - python-django <not-affected> (vulnerable code not present)
+ NOTE: https://github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97 (1.7.x)
CVE-2015-2315 (Cross-site scripting (XSS) vulnerability in the WPML plugin before ...)
TODO: check
CVE-2015-2314 (SQL injection vulnerability in the WPML plugin before 3.1.9 for ...)
More information about the Secure-testing-commits
mailing list