[Secure-testing-commits] r50343 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Apr 4 15:40:30 UTC 2017


Author: carnil
Date: 2017-04-04 15:40:30 +0000 (Tue, 04 Apr 2017)
New Revision: 50343

Modified:
   data/CVE/list
Log:
Add new python-django issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-04 15:21:54 UTC (rev 50342)
+++ data/CVE/list	2017-04-04 15:40:30 UTC (rev 50343)
@@ -722,10 +722,16 @@
 	RESERVED
 CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...)
 	NOT-FOR-US: cloudflare-scrape
-CVE-2017-7234
+CVE-2017-7234 [Open redirect vulnerability in django.views.static.serve()]
 	RESERVED
-CVE-2017-7233
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
+	NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753
+CVE-2017-7233 [Open redirect and possible XSS attack via user-supplied numeric redirect URLs]
 	RESERVED
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
+	NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a
 CVE-2017-7232
 	RESERVED
 CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow ...)
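
Review bot: The two added `- python-django <unfixed>` lines (under CVE-2017-7234 and CVE-2017-7233) carry no bug reference, and the only fix pointer in each entry is a "Fixed by (master)" commit, so someone triaging a stable release cannot tell from this entry which change to backport. Suggest adding a further NOTE per entry for the stable-branch commits, if the linked security-releases announcement lists them, and appending the bug reference to each `<unfixed>` line once one is filed.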
