Date: Thu, 12 Sep 2013 16:03:45 +0000 (UTC) From: Li-Wen Hsu <lwhsu@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r327080 - head/security/vuxml Message-ID: <201309121603.r8CG3jsG031130@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lwhsu Date: Thu Sep 12 16:03:45 2013 New Revision: 327080 URL: http://svnweb.freebsd.org/changeset/ports/327080 Log: Document CVE-2013-4315 for www/py-django{,14,-devel} Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Sep 12 15:46:58 2013 (r327079) +++ head/security/vuxml/vuln.xml Thu Sep 12 16:03:45 2013 (r327080) @@ -51,6 +51,41 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a851b305-1bc3-11e3-95b7-00e0814cab4e"> + <topic>django -- multiple vulnerabilities</topic> + <affects> + <package> + <name>py26-django</name> + <name>py27-django</name> + <range><ge>1.5</ge><lt>1.5.3</lt></range> + <range><ge>1.4</ge><lt>1.4.7</lt></range> + </package> + <package> + <name>py26-django-devel</name> + <name>py27-django-devel</name> + <range><lt>20130912,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Django project reports:</p> + <blockquote cite="https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/"> + <p>These releases address a directory-traversal vulnerability in one + of Django's built-in template tags. While this issue requires some + fairly specific factors to be exploitable, we encourage all users + of Django to upgrade promptly.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-4315</cvename> + </references> + <dates> + <discovery>2013-09-10</discovery> + <entry>2013-09-12</entry> + </dates> + </vuln> + <vuln vid="f8a913cc-1322-11e3-8ffa-20cf30e32f6d"> <topic>svnserve is vulnerable to a local privilege escalation vulnerability via symlink attack.</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201309121603.r8CG3jsG031130>