oss-sec mailing list archives
Re: [CVE request] Django 1.4.6 security release
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 14 Aug 2013 21:06:12 -0600
On 08/14/2013 02:11 AM, Thijs Kinkhorst wrote:
> On Wed, August 14, 2013 09:42, Kurt Seifried wrote:
>> On 08/13/2013 11:31 PM, Moritz Muehlenhoff wrote:
>>> Hi,
>>> this needs two CVE assignments:
>>> https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
>>
>> Please provide links to the vulnerable code/fixed code thanks.
>
> Links to the patches of the various affected release branches can be found
> at the bottom of the quoted URL.
>
> Thijs

For the Issue: Cross-site scripting (XSS) in admin interface please use CVE-2013-4249 for this issue.

For Issue: Cross-site scripting (XSS) in admin interface I'm going to consider this as security hardening unless someone tells me otherwise.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- [CVE request] Django 1.4.6 security release Moritz Muehlenhoff (Aug 13)
- Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 14)
- Re: [CVE request] Django 1.4.6 security release Thijs Kinkhorst (Aug 14)
- Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 14)
- Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 19)
- Re: [CVE request] Django 1.4.6 security release Thijs Kinkhorst (Aug 14)
- Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 14)