From ac8cf0ae76a825f8849a6bfb1cdf94b882ad43f6 Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Tue, 14 Feb 2023 09:52:30 +0100 Subject: [PATCH] [4.2.x] Added CVE-2023-24580 to security archive. Backport of ecafcaf634fcef93f9da8cb12795273dd1c3a576 from main --- docs/releases/security.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 0023fed03f..0a82738709 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -36,6 +36,16 @@ Issues under Django's security process All security issues have been handled under versions of Django's security process. These are listed below. +February 14, 2023 - :cve:`2023-24580` +------------------------------------- + +Potential denial-of-service vulnerability in file uploads. `Full description +`__ + +* Django 4.1 :commit:`(patch) <628b33a854a9c68ec8a0c51f382f304a0044ec92>` +* Django 4.0 :commit:`(patch) <83f1ea83e4553e211c1c5a0dfc197b66d4e50432>` +* Django 3.2 :commit:`(patch) ` + February 1, 2023 - :cve:`2023-23969` ------------------------------------