[Secure-testing-commits] r45835 - data/CVE

Nicholas Luedtke nluedtke-guest at moszumanska.debian.org
Tue Nov 1 15:23:30 UTC 2016


Author: nluedtke-guest
Date: 2016-11-01 15:23:30 +0000 (Tue, 01 Nov 2016)
New Revision: 45835

Modified:
   data/CVE/list
Log:
Add CVE-2016-901{3,4}/python-django

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-01 15:06:39 UTC (rev 45834)
+++ data/CVE/list	2016-11-01 15:23:30 UTC (rev 45835)
@@ -295,10 +295,18 @@
 CVE-2016-9015 [certificate verification failure]
 	RESERVED
 	- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
-CVE-2016-9014
+CVE-2016-9014 [DNS rebinding vulnerability when DEBUG=True]
 	RESERVED
-CVE-2016-9013
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
+	NOTE: https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9
+	TODO: check if vulnerable code present
+CVE-2016-9013 [User with hardcoded password created when running tests on Oracle]
 	RESERVED
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
+	NOTE: https://github.com/django/django/commit/da7910d4834726eca596af0a830762fa5fb2dfd9
+	TODO: check if vulnerable code present
 CVE-2016-9012
 	RESERVED
 CVE-2016-9010
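
Review bot: Both added `- python-django <unfixed>` lines (under CVE-2016-9014 and CVE-2016-9013) are followed by `TODO: check if vulnerable code present`, so the `<unfixed>` status is recorded before anyone has confirmed that the packaged versions contain the affected code. Resolve the TODO against the two upstream commits cited in the NOTE lines, then either drop it or change the status. For CVE-2016-9013, the description limits the issue to running tests on Oracle, so once the check is done it is worth deciding whether the entry needs a severity annotation rather than a bare `<unfixed>`. For CVE-2016-9014, the description ties the issue to `DEBUG=True`; a short NOTE stating that precondition would help whoever triages it next.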



