From a0f60958cf67d7ed1128e362cb1d6abee49169ed Mon Sep 17 00:00:00 2001 From: James Bennett Date: Mon, 21 Apr 2014 18:28:24 -0500 Subject: [PATCH] [1.5.x] Add missing disclosure information to security archive. --- docs/releases/security.txt | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 3cc7e82628..d9c511efb8 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -465,3 +465,37 @@ Versions affected * Django 1.6 `(patch `_) * Django 1.7 `(patch `_) + + +April 21, 2014 - CVE-2014-2014-0473 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2014-0473 `_: Caching of anonymous pages could reveal CSRF token. `Full description `_ + +Versions affected +----------------- + +* Django 1.4 `(patch `_) + +* Django 1.5 `(patch `_) + +* Django 1.6 `(patch `_) + +* Django 1.7 `(patch `_) + + +April 21, 2014 - CVE-2014-2014-0472 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2014-0474 `_: MySQL typecasting causes unexpected query results. `Full description `_ + +Versions affected +----------------- + +* Django 1.4 `(patch `_) + +* Django 1.5 `(patch `_) + +* Django 1.6 `(patch `_) + +* Django 1.7 `(patch `_)
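Review bot: Both added section titles carry a doubled year (`CVE-2014-2014-0473`, `CVE-2014-2014-0472`), and the second title's number disagrees with the entry under it, which names `CVE-2014-0474` (MySQL typecasting). As written, someone scanning the archive by heading will not find 0474, and the 0472 title sits above a description of a different issue. Suggest `April 21, 2014 - CVE-2014-0473` for the first title and, if the body text is the correct one, `April 21, 2014 - CVE-2014-0474` for the second, with the `~` underlines shortened to match the corrected title length. If the second entry was really meant to cover CVE-2014-0472, then the link text and summary need changing instead; either way the title and body should name the same CVE.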