svn commit: r425146 - head/security/vuxml
Li-Wen Hsu
lwhsu at FreeBSD.org
Wed Nov 2 12:49:20 UTC 2016
Author: lwhsu
Date: Wed Nov 2 12:49:18 2016
New Revision: 425146
URL: https://svnweb.freebsd.org/changeset/ports/425146
Log:
Document Django vulnerabilities CVE-2016-9013, CVE-2016-9014
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Nov 2 12:45:35 2016 (r425145)
+++ head/security/vuxml/vuln.xml Wed Nov 2 12:49:18 2016 (r425146)
@@ -58,6 +58,57 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="cb116651-79db-4c09-93a2-c38f9df46724">
+ <topic>django -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py27-django</name>
+ <name>py33-django</name>
+ <name>py34-django</name>
+ <name>py35-django</name>
+ <range><lt>1.8.16</lt></range>
+ </package>
+ <package>
+ <name>py27-django18</name>
+ <name>py33-django18</name>
+ <name>py34-django18</name>
+ <name>py35-django18</name>
+ <range><lt>1.9.11</lt></range>
+ </package>
+ <package>
+ <name>py27-django19</name>
+ <name>py33-django19</name>
+ <name>py34-django19</name>
+ <name>py35-django19</name>
+ <range><lt>1.10.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Django project reports:</p>
+ <blockquote cite="https://www.djangoproject.com/weblog/2016/nov/01/security-releases/">
+ <p>Today the Django team released Django 1.10.3, Django 1.9.11,
+ and 1.8.16. These releases addresses two security issues
+ detailed below. We encourage all users of Django to upgrade
+ as soon as possible.</p>
+ <ul>
+ <li>User with hardcoded password created when running tests on Oracle</li>
+ <li>DNS rebinding vulnerability when DEBUG=True</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.djangoproject.com/weblog/2016/nov/01/security-releases/</url>
+ <cvename>CVE-2016-9013</cvename>
+ <cvename>CVE-2016-9014</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-01</discovery>
+ <entry>2016-11-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="765feb7d-a0d1-11e6-a881-b499baebfeaf">
<topic>cURL -- multiple vulnerabilities</topic>
<affects>
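Review bot: The version ranges in the three added <package> blocks look shifted by one branch relative to the port names: py*-django18 is paired with <lt>1.9.11</lt>, py*-django19 with <lt>1.10.3</lt>, and the unsuffixed py*-django with <lt>1.8.16</lt>. Going by the fixed releases quoted in the description (1.10.3, 1.9.11, 1.8.16), the django18 ports should carry 1.8.16 and the django19 ports 1.9.11; assuming the unsuffixed ports track the newest branch, py*-django should carry 1.10.3. As written, a django18 port already updated to 1.8.16 or a django19 port at 1.9.11 would still be reported as vulnerable, while an unsuffixed django at any version from 1.8.16 up to but not including 1.10.3 would not be flagged. It would also help to state in the description which of the two CVEs corresponds to which list item, since the references list them without that mapping.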