author Mariusz Felisiak <felisiak.mariusz@gmail.com> 2022-02-01 08:17:25 +0100
committer Mariusz Felisiak <felisiak.mariusz@gmail.com> 2022-02-01 08:54:34 +0100
commit 047ece3014f688d64e190f0d0c9845e9a7dd11fa (patch)
tree 6145396676cd1a55459048da0407c66d09d13d8d
parent 2427b2fee381e17cd8c72e7c404ec149022fecf1 (diff)
[2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
Backport of 9e0df0d6dde441dbbad2b548d777e0a01d633286 from main
-rw-r--r-- docs/releases/security.txt 25
1 files changed, 25 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 72c2253fda..8b85b4a981 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -1286,3 +1286,28 @@ Versions affected
* Django 3.2 :commit:`(patch) <8d2f7cff76200cbd2337b2cf1707e383eb1fb54b>`
* Django 2.2 :commit:`(patch) <4cb35b384ceef52123fc66411a73c36a706825e1>`
+February 1, 2022 - :cve:`2022-22818`
+------------------------------------
+
+Possible XSS via ``{% debug %}`` template tag. `Full description
+<https://www.djangoproject.com/weblog/2022/feb/01/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 4.0 :commit:`(patch) <01422046065d2b51f8f613409cad2c81b39487e5>`
+* Django 3.2 :commit:`(patch) <1a1e8278c46418bde24c86a65443b0674bae65e2>`
+* Django 2.2 :commit:`(patch) <c27a7eb9f40b64990398978152e62b6ff839c2e6>`
+
+February 1, 2022 - :cve:`2022-23833`
+------------------------------------
+
+Denial-of-service possibility in file uploads. `Full description
+<https://www.djangoproject.com/weblog/2022/feb/01/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 4.0 :commit:`(patch) <f9c7d48fdd6f198a6494a9202f90242f176e4fc9>`
+* Django 3.2 :commit:`(patch) <d16133568ef9c9b42cb7a08bdf9ff3feec2e5468>`
+* Django 2.2 :commit:`(patch) <c477b761804984c932704554ad35f78a2e230c6a>`
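Review bot: The summary line of the second entry, "Denial-of-service possibility in file uploads.", does not say which part of upload handling is affected or what condition triggers it, while the first entry names the ``{% debug %}`` tag directly. Consider naming the affected component in that one-line summary so that someone triaging from the archive alone can judge exposure without following the link. Both entries also point to the same "Full description" URL; if the linked post has per-issue anchors, linking each entry to its own section would save readers a search.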