From 047ece3014f688d64e190f0d0c9845e9a7dd11fa Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Tue, 1 Feb 2022 08:17:25 +0100 Subject: [PATCH] [2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main --- docs/releases/security.txt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 72c2253fda..8b85b4a981 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -1286,3 +1286,28 @@ Versions affected * Django 3.2 :commit:`(patch) <8d2f7cff76200cbd2337b2cf1707e383eb1fb54b>` * Django 2.2 :commit:`(patch) <4cb35b384ceef52123fc66411a73c36a706825e1>` +February 1, 2022 - :cve:`2022-22818` +------------------------------------ + +Possible XSS via ``{% debug %}`` template tag. `Full description +`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 4.0 :commit:`(patch) <01422046065d2b51f8f613409cad2c81b39487e5>` +* Django 3.2 :commit:`(patch) <1a1e8278c46418bde24c86a65443b0674bae65e2>` +* Django 2.2 :commit:`(patch) ` + +February 1, 2022 - :cve:`2022-23833` +------------------------------------ + +Denial-of-service possibility in file uploads. `Full description +`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 4.0 :commit:`(patch) ` +* Django 3.2 :commit:`(patch) ` +* Django 2.2 :commit:`(patch) `
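Review bot: Several targets are missing in the added entries as they appear here. The `:commit:` role for Django 2.2 under CVE-2022-22818 and all three `:commit:` roles under CVE-2022-23833 read `(patch) ` with no `<hash>` after the label, unlike the Django 4.0 and 3.2 entries for CVE-2022-22818 and the context lines of the preceding advisory. Both `Full description` links also show nothing between the link text and the closing `__`. Before merging the backport, confirm that every role carries its commit hash and each link its URL, because an archive entry without them gives readers no way to reach the fix or the advisory for that branch.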