回复: git: 7cd59a7b0d9c - main - security/vux ml:_Document_Django_multiple_vulnerabilities
Date: Tue, 14 Feb 2023 13:58:00 UTC
You are right.
Now fixed, thank you !
wen
________________________________________
发件人: Dan Langille <dan@langille.org>
发送时间: 2023年2月14日 21:49
收件人: Wen Heping; ports-committers@FreeBSD.org; dev-commits-ports-all@FreeBSD.org; dev-commits-ports-main@FreeBSD.org
主题: Re: git: 7cd59a7b0d9c - main - security/vuxml: Document Django multiple vulnerabilities
On Tue, Feb 14, 2023, at 7:04 AM, Wen Heping wrote:
> The branch main has been updated by wen:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=7cd59a7b0d9c15b24dae177e6feafea107670ff5
>
> commit 7cd59a7b0d9c15b24dae177e6feafea107670ff5
> Author: Wen Heping <wen@FreeBSD.org>
> AuthorDate: 2023-02-14 12:03:26 +0000
> Commit: Wen Heping <wen@FreeBSD.org>
> CommitDate: 2023-02-14 12:03:59 +0000
>
> security/vuxml: Document Django multiple vulnerabilities
> ---
> security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 41 insertions(+)
>
> diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
> index a3feb1c2e6d7..9cc6385ce320 100644
> --- a/security/vuxml/vuln/2023.xml
> +++ b/security/vuxml/vuln/2023.xml
> @@ -1,3 +1,44 @@
> + <vuln vid="9c9ee9a6-ac5e-11ed-9323-080027d3a315">
> + <topic>Django -- multiple vulnerabilities</topic>
> + <affects>
> + <package>
> + <name>py37-django32</name>
> + <name>py38-django32</name>
> + <name>py39-django32</name>
> + <name>py310-django32</name>
> + <range><lt>3.2.18</lt></range>
> + </package>
> + <package>
> + <name>py38-django40</name>
> + <name>py39-django40</name>
> + <name>py310-django40</name>
> + <range><lt>4.0.10</lt></range>
> + </package>
> + <package>
> + <name>py38-django41</name>
> + <name>py39-django41</name>
> + <name>py310-django41</name>
> + <range><lt>4.1.7/range>
The above has incorrect tags.I think it might be:
<range><lt>4.1.7</lt></range>
But I'm not sure.
> + </package>
> + </affects>
> + <description>
> + <body xmlns="http://www.w3.org/1999/xhtml">
> + <p>Django reports:</p>
> + <blockquote
> cite="https://www.djangoproject.com/weblog/2023/feb/14/security-releases/">
> + <p>CVE-2023-24580: Potential denial-of-service vulnerability in
> file uploads.</p>
> + </blockquote>
> + </body>
> + </description>
> + <references>
> + <cvename>CVE-2023-24580</cvename>
> +
> <url>https://www.djangoproject.com/weblog/2023/feb/14/security-releases/</url>
> + </references>
> + <dates>
> + <discovery>2023-02-01</discovery>
> + <entry>2023-02-14</entry>
> + </dates>
> + </vuln>
> +
> <vuln vid="0a7a5dfb-aba4-11ed-be2c-001cc0382b2f">
> <topic>GnuTLS -- timing sidechannel in RSA decryption</topic>
> <affects>
--
Dan Langille
dan@langille.org