From e4c9703ec66e2638385fbb240a49925c138b7dea Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Wed, 1 Nov 2023 08:16:14 +0100 Subject: [PATCH] [4.2.x] Added CVE-2023-46695 to security archive. Backport of 7caf2621833a45cdfe7e6e305e4885ecc8d79744 from main --- docs/releases/security.txt | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 6fdee8bf57..cf63dafa0d 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -36,8 +36,19 @@ Issues under Django's security process All security issues have been handled under versions of Django's security process. These are listed below. +November 1, 2023 - :cve:`2023-46695` +------------------------------------ + +Potential denial of service vulnerability in ``UsernameField`` on Windows. +`Full description +`__ + +* Django 4.2 :commit:`(patch) <048a9ebb6ea468426cb4e57c71572cbbd975517f>` +* Django 4.1 :commit:`(patch) <4965bfdde2e5a5c883685019e57d123a3368a75e>` +* Django 3.2 :commit:`(patch) ` + October 4, 2023 - :cve:`2023-43665` -------------------------------------- +----------------------------------- Denial-of-service possibility in ``django.utils.text.Truncator``. `Full description