From b749c980a066a15b58b236656e57b66073a35a52 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Tue, 4 Apr 2017 21:42:30 -0400 Subject: [PATCH] Added CVE-2017-7233,4 to the security release archive. --- docs/releases/security.txt | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 171e19d85e7..0e92d6a185d 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -807,3 +807,29 @@ Versions affected * Django 1.10 `(patch) `__ * Django 1.9 `(patch) `__ * Django 1.8 `(patch) `__ + +April 4, 2017 - :cve:`2017-7233` +-------------------------------- + +Open redirect and possible XSS attack via user-supplied numeric redirect URLs. +`Full description `__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 1.10 `(patch) `__ +* Django 1.9 `(patch) `__ +* Django 1.8 `(patch) `__ + +April 4, 2017 - :cve:`2017-7234` +-------------------------------- + +Open redirect vulnerability in ``django.views.static.serve()``. `Full +description `__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 1.10 `(patch) `__ +* Django 1.9 `(patch) `__ +* Django 1.8 `(patch) `__