From 0cb6a85f5ef1769823fad7cbd71d8527154ec277 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Tue, 10 Mar 2015 11:01:18 -0400 Subject: [PATCH] Added yesterday's security issue to archive. --- docs/releases/security.txt | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index f42583f16cc..2d60fe1caed 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -357,20 +357,20 @@ Versions affected * Django 1.3 `(patch) `__ * Django 1.4 `(patch) `__ -August 13, 2013 - Awaiting CVE 1 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +August 13, 2013 - CVE-2013-4249 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -(CVE not yet issued): XSS via admin trusting ``URLField`` values. `Full description `__ +`CVE-2013-4249 `_: XSS via admin trusting ``URLField`` values. `Full description `__ Versions affected ----------------- * Django 1.5 `(patch) `__ -August 13, 2013 - Awaiting CVE 2 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +August 13, 2013 - CVE-2013-6044 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -(CVE not yet issued): Possible XSS via unvalidated URL redirect schemes. `Full description `__ +`CVE-2013-6044 `_: Possible XSS via unvalidated URL redirect schemes. `Full description `__ Versions affected ----------------- @@ -569,3 +569,16 @@ Versions affected * Django 1.6 `(patch) `__ * Django 1.7 `(patch) `__ + +March 9, 2015 - CVE-2015-2241 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2015-2241 `_: +XSS attack via properties in ``ModelAdmin.readonly_fields``. +`Full description `__ + +Versions affected +----------------- + +* Django 1.7 `(patch) `__ +* Django 1.8 `(patch) `_
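Review bot: The commit subject covers only "yesterday's security issue", but the first hunk (@@ -357,20 +357,20 @@) also replaces the "Awaiting CVE 1" and "Awaiting CVE 2" headings and the "(CVE not yet issued)" text for the August 13, 2013 entries with CVE-2013-4249 and CVE-2013-6044. Mention the backfilled identifiers in the commit message, or move them to their own commit, so that someone searching the log for when those CVE IDs were recorded in the archive can find this change.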
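Review bot: In the second hunk (@@ -569,3 +569,16 @@), the last added line closes its link with a single underscore, "* Django 1.8 `(patch) `_", while the Django 1.7 line directly above it and every other "(patch)" link visible in this diff use the anonymous form ending in "__". With one underscore, reStructuredText treats "(patch)" as a named target, so any other link written the same way with a different URL produces a duplicate-target warning in the docs build. Change the trailing "_" to "__" to match the rest of the file.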