oss-sec mailing list archives

CVE Assignment: django


From: Josh Bressers <bressers () redhat com>
Date: Thu, 9 Sep 2010 09:39:51 -0400 (EDT)

This was just pointed out to me:

http://www.djangoproject.com/weblog/2010/sep/08/security-release/

"""
The provided template tag for inserting the CSRF token into forms -- {% csrf_token %} -- explicitly trusts the cookie 
value, and displays it as-is. Thus, an attacker who is able to tamper with the value of the CSRF cookie can cause 
arbitrary content to be inserted, unescaped, into the outgoing HTML of the form, enabling cross-site scripting (XSS) 
attacks.
"""

Please use CVE-2010-3082

Thanks.

-- 
    JB
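The advisory above describes a template tag that inserts a cookie value into HTML verbatim. As an added illustration (not code from Django or from this message), the Python below models the two halves of that bug class: a render function that trusts the cookie, and a hardened one that first validates the value against the alphabet tokens are actually generated from and then HTML-escapes it at output time anyway. The token format (32 alphanumeric characters), the function names and the sample cookie values are assumptions made for the example.

```python
import html
import re
import secrets

# Assumed token format for this example: 32 characters drawn from [A-Za-z0-9].
TOKEN_ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
TOKEN_RE = re.compile(r"^[A-Za-z0-9]{32}$")


def generate_token() -> str:
    """Mint a fresh token from the allowed alphabet (assumed generator)."""
    return "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(32))


def render_csrf_input_vulnerable(cookie_value: str) -> str:
    """Models the flawed behaviour: the cookie value is trusted and inserted as-is."""
    return '<input type="hidden" name="csrfmiddlewaretoken" value="%s" />' % cookie_value


def sanitize_token(cookie_value: str) -> str:
    """Return the cookie value only if it looks like a real token; otherwise replace it.

    A value that fails the format check cannot have been issued by the server,
    so it is discarded rather than propagated into the response.
    """
    if TOKEN_RE.match(cookie_value):
        return cookie_value
    return generate_token()


def render_csrf_input_safe(cookie_value: str) -> str:
    """Validate first, then escape at output time as defence in depth."""
    token = sanitize_token(cookie_value)
    return '<input type="hidden" name="csrfmiddlewaretoken" value="%s" />' % html.escape(
        token, quote=True
    )


def contains_extra_markup(rendered: str) -> bool:
    """Detection helper: the rendered fragment should contain exactly one tag.

    Any second '<' means the cookie value broke out of the attribute.
    """
    return rendered.count("<") != 1


# Constructed sample cookie values (not taken from any real request).
CONSTRUCTED_VALID = "A" * 16 + "b" * 16
CONSTRUCTED_TAMPERED = '"><b>tampered</b>'


if __name__ == "__main__":
    for label, value in (("valid", CONSTRUCTED_VALID), ("tampered", CONSTRUCTED_TAMPERED)):
        vulnerable = render_csrf_input_vulnerable(value)
        safe = render_csrf_input_safe(value)
        print(f"{label}: vulnerable render breaks out -> {contains_extra_markup(vulnerable)}")
        print(f"{label}: hardened render breaks out   -> {contains_extra_markup(safe)}")
```

The format check does the real work here: a CSRF token is an opaque server-issued string, so anything outside its alphabet is by definition not a token and can be dropped without loss. Escaping at render time is kept as a second layer so that a future change to the token format does not silently reopen the injection.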

