[Secure-testing-commits] r40116 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Mar 1 20:14:54 UTC 2016
Author: carnil
Date: 2016-03-01 20:14:54 +0000 (Tue, 01 Mar 2016)
New Revision: 40116
Modified:
data/CVE/list
Log:
Add two CVEs for python-django
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-01 19:34:44 UTC (rev 40115)
+++ data/CVE/list 2016-03-01 20:14:54 UTC (rev 40116)
@@ -840,10 +840,14 @@
RESERVED
CVE-2016-2514
RESERVED
-CVE-2016-2513
+CVE-2016-2513 [User enumeration through timing difference on password hasher work factor upgrade]
RESERVED
-CVE-2016-2512
+ - python-django <unfixed> (bug #816434)
+ NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
+CVE-2016-2512 [Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth]
RESERVED
+ - python-django <unfixed> (bug #816434)
+ NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
CVE-2016-2538 [usb: integer overflow in remote NDIS control message handling]
RESERVED
- qemu <unfixed> (bug #815680)
More information about the Secure-testing-commits
mailing list