From e40581870a63a80fb5bbff5263b21a4fda1a7f93 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Wed, 18 Mar 2015 20:36:50 -0400 Subject: [PATCH] Added today's security issues to archive. --- docs/releases/security.txt | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 2d60fe1cae..c963814c4d 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -582,3 +582,32 @@ Versions affected * Django 1.7 `(patch) `__ * Django 1.8 `(patch) `_ + +March 18, 2015 - CVE-2015-2316 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2015-2316 `_: +Denial-of-service possibility with ``strip_tags()``. +`Full description `__ + +Versions affected +----------------- + +* Django 1.6 `(patch) `__ +* Django 1.7 `(patch) `__ +* Django 1.8 `(patch) `__ + +March 18, 2015 - CVE-2015-2317 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +`CVE-2015-2317 `_: +Mitigated possible XSS attack via user-supplied redirect URLs. +`Full description `__ + +Versions affected +----------------- + +* Django 1.4 `(patch) `__ +* Django 1.6 `(patch) `__ +* Django 1.7 `(patch) `__ +* Django 1.8 `(patch) `__