diff options
| author | miwi <miwi@FreeBSD.org> | 2017-04-05 02:10:17 +0800 |
|---|---|---|
| committer | miwi <miwi@FreeBSD.org> | 2017-04-05 02:10:17 +0800 |
| commit | aef0513e051f80528a43acfce1a7a013956ec537 (patch) | |
| tree | 26e02a3084180af77e7a6c18977dcc0cb097ce00 /security/vuxml | |
| parent | 98a65751e00bfdd05e960eebbb7b6dca6bee2c63 (diff) | |
| download | freebsd-ports-gnome-aef0513e051f80528a43acfce1a7a013956ec537.tar.gz freebsd-ports-gnome-aef0513e051f80528a43acfce1a7a013956ec537.tar.zst freebsd-ports-gnome-aef0513e051f80528a43acfce1a7a013956ec537.zip | |
- Document django -- multible vulnerabilities
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3f71f69a09c0..7ef296b091b1 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,67 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="dc880d6c-195d-11e7-8c63-0800277dcc69"> + <topic>django -- multible vulnerabilities</topic> + <affects> + <package> + <name>py27-django</name> + <name>py33-django</name> + <name>py34-django</name> + <name>py35-django</name> + <name>py36-django</name> + <range><lt>1.8.18</lt></range> + </package> + <package> + <name>py27-django18</name> + <name>py33-django18</name> + <name>py34-django18</name> + <name>py35-django18</name> + <name>py36-django18</name> + <range><lt>1.8.18</lt></range> + </package> + <package> + <name>py27-django19</name> + <name>py33-django19</name> + <name>py34-django19</name> + <name>py35-django19</name> + <name>py36-django19</name> + <range><lt>1.9.13</lt></range> + </package> + <package> + <name>py27-django110</name> + <name>py27-django110</name> + <name>py27-django110</name> + <name>py27-django110</name> + <name>py27-django110</name> + <range><lt>1.10.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Django team reports:</p> + <blockquote cite="https://www.djangoproject.com/weblog/2017/apr/04/security-releases/"> + <p>These release addresses two security issues detailed below. We + encourage all users of Django to upgrade as soon as possible.</p> + <ul> + <li>Open redirect and possible XSS attack via user-supplied numeric + redirect URLs</li> + <li>Open redirect vulnerability in django.views.static.serve()</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://www.djangoproject.com/weblog/2017/apr/04/security-releases/</url> + <cvename>CVE-2017-7233</cvename> + <cvename>CVE-2017-7234</cvename> + </references> + <dates> + <discovery>2017-04-04</discovery> + <entry>2017-04-04</entry> + </dates> + </vuln> + <vuln vid="356b02e9-1954-11e7-9608-001999f8d30b"> <topic>asterisk -- Buffer overflow in CDR's set user</topic> <affects> |