Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: [CVE request] Django 1.4.6 security release
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 14 Aug 2013 21:06:12 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/14/2013 02:11 AM, Thijs Kinkhorst wrote:
On Wed, August 14, 2013 09:42, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 08/13/2013 11:31 PM, Moritz Muehlenhoff wrote:
Hi, this needs two CVE assignments: 
https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/


Please provide links to the vulnerable code/fixed code thanks.

Links to the patches of the various affected release branches can
be found at the bottom of the quoted URL.


Thijs

For the Issue: Cross-site scripting (XSS) in admin interface please
use CVE-2013-4249 for this issue.

For Issue: Cross-site scripting (XSS) in admin interface I'm going to
consider this as security hardening unless someone tells me otherwise.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSDEWkAAoJEBYNRVNeJnmTro0P/0qTtLEXOwV4O3uKtzR4pnWG
9SAFxmGkZ619OdLgcn3Zk96LaGYBw9l/F2BSl0m9yBNUpnFi5lAvKREJMJBJmQcC
+kzW9Ta/7CP4DZfpH+ROACVD2rKVm857iX5ILFIp8RUcHN4Z1A5JtkR6s7ye0iiQ
dflOtOUtDs9pv4rpL0lhDnlbw/nyW7VA50CmhT+8SyzXp89FKeelFn1r7Pyf3Rld
wF7kVlz4ECziTVhXEQaWSR93j5pYBONnr6sQ6Sa+8vVnIZuOUimMED6a6VAc8wrl
oHiNFz3RRpuUrtP2Jwfd8aPeAiJttRwQfWJm93tz3p0GrvdOs7U84tFoiXJgm9JY
fdSOEChKMqkOjqcwMs1PJrWUKP4OlkKlpIG/Ha2cdzxFyIQYq6ofHdUuGU8t1t8q
ep4XqlxbJhecLdRXPjdkm7qH6bKpccNk7F8V10yla+s2AwBqSQK3iiQkKI19Lalv
yYxteoBGJutWbxz/NmCxS7KvxGJi/XpCdF+DDwdJTV7UauujSbBbOFe28U5rHXXw
1Vzh/YjwJExNLUaIIe/57KTka4XuK0ldPwhV0rcHEN9LVPTYR7BZA0a2gVJl5exg
SNmD7B4CRihAIt79+ocKgtuXUist6s7Mg54MYwOIog/fc1iRX6qptYnb4fTw3gxg
PlvRGQKO/XEv5Q6n5J0Q
=cIus
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]