[Secure-testing-commits] r46144 - data/CVE
Scott Kitterman
kitterman at moszumanska.debian.org
Sat Nov 12 19:18:36 UTC 2016
Author: kitterman
Date: 2016-11-12 19:18:36 +0000 (Sat, 12 Nov 2016)
New Revision: 46144
Modified:
data/CVE/list
Log:
Add fixed versions for python-django CVE-2016-9013 and CVE-2016-9014
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-12 18:34:58 UTC (rev 46143)
+++ data/CVE/list 2016-11-12 19:18:36 UTC (rev 46144)
@@ -708,13 +708,13 @@
- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
CVE-2016-9014 [DNS rebinding vulnerability when DEBUG=True]
RESERVED
- - python-django <unfixed> (bug #842856)
+ - python-django 1.10.3-1 (bug #842856)
[jessie] - python-django <no-dsa> (Minor issue; can be updated via point release)
NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
NOTE: https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9
CVE-2016-9013 [User with hardcoded password created when running tests on Oracle]
RESERVED
- - python-django <unfixed> (bug #842856)
+ - python-django 1.10.3-1 (bug #842856)
[jessie] - python-django <no-dsa> (Minor issue; can be updated via point release)
[wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
More information about the Secure-testing-commits
mailing list