diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 474eeee26d..c73cea6dbd 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -448,3 +448,54 @@ Versions affected * Django 1.4 `(patch `__ and `Python compatibility fix) `__ * Django 1.5 `(patch) `__ + + +April 21, 2014 - CVE-2014-2014-0472 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2014-0472 `_: Unexpected code execution using ``reverse()``. `Full description `_ + +Versions affected +----------------- + +* Django 1.4 `(patch) `__ + +* Django 1.5 `(patch) `__ + +* Django 1.6 `(patch) `__ + +* Django 1.7 `(patch) `__ + + +April 21, 2014 - CVE-2014-2014-0473 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2014-0473 `_: Caching of anonymous pages could reveal CSRF token. `Full description `_ + +Versions affected +----------------- + +* Django 1.4 `(patch) `__ + +* Django 1.5 `(patch) `__ + +* Django 1.6 `(patch) `__ + +* Django 1.7 `(patch) `__ + + +April 21, 2014 - CVE-2014-2014-0474 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2014-0474 `_: MySQL typecasting causes unexpected query results. `Full description `_ + +Versions affected +----------------- + +* Django 1.4 `(patch) `__ + +* Django 1.5 `(patch) `__ + +* Django 1.6 `(patch) `__ + +* Django 1.7 `(patch) `__