diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 7af0300f56d..f42583f16cc 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -516,3 +516,56 @@ Versions affected * Django 1.5 `(patch) `__ * Django 1.6 `(patch) `__ * Django 1.7 `(patch) `__ + +January 13, 2015 - CVE-2015-0219 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2015-0219 `_: +WSGI header spoofing via underscore/dash conflation. +`Full description `__ + +Versions affected +----------------- + +* Django 1.4 `(patch) `__ +* Django 1.6 `(patch) `__ +* Django 1.7 `(patch) `__ + +January 13, 2015 - CVE-2015-0220 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2015-0220 `_: Mitigated possible XSS attack via user-supplied redirect URLs. `Full description `__ + +Versions affected +----------------- + +* Django 1.4 `(patch) `__ +* Django 1.6 `(patch) `__ +* Django 1.7 `(patch) `__ + +January 13, 2015 - CVE-2015-0221 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2015-0221 `_: +Denial-of-service attack against ``django.views.static.serve()``. +`Full description `__ + +Versions affected +----------------- + +* Django 1.4 `(patch) `__ +* Django 1.6 `(patch) `__ +* Django 1.7 `(patch) `__ + +January 13, 2015 - CVE-2015-0222 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2015-0222 `_: +Database denial-of-service with ``ModelMultipleChoiceField``. +`Full description `__ + +Versions affected +----------------- + +* Django 1.6 `(patch) `__ +* Django 1.7 `(patch) `__