[Secure-testing-commits] r40116 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Mar 1 20:14:54 UTC 2016


Author: carnil
Date: 2016-03-01 20:14:54 +0000 (Tue, 01 Mar 2016)
New Revision: 40116

Modified:
   data/CVE/list
Log:
Add two CVEs for python-django

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-01 19:34:44 UTC (rev 40115)
+++ data/CVE/list	2016-03-01 20:14:54 UTC (rev 40116)
@@ -840,10 +840,14 @@
 	RESERVED
 CVE-2016-2514
 	RESERVED
-CVE-2016-2513
+CVE-2016-2513 [User enumeration through timing difference on password hasher work factor upgrade]
 	RESERVED
-CVE-2016-2512
+	- python-django <unfixed> (bug #816434)
+	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
+CVE-2016-2512 [Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth]
 	RESERVED
+	- python-django <unfixed> (bug #816434)
+	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
 CVE-2016-2538 [usb: integer overflow in remote NDIS control message handling]
 	RESERVED
 	- qemu <unfixed> (bug #815680)




More information about the Secure-testing-commits mailing list