summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2021-05-06 09:58:24 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2021-05-06 10:03:45 +0200
commit0262579f2e2ede5f8f273cd789b73729200ca047 (patch)
treeab02f6336da9c59a048b0aeaeda72cba11a77c83
parent40ad501425a021d8223991f88a2adf686a01e153 (diff)
[3.2.x] Added CVE-2021-32052 to security archive.
Backport of efebcc429f048493d6bc710399e65d98081eafd5 from main
-rw-r--r--docs/releases/security.txt14
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 847abd9cac..4f755f4381 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,20 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security
process. These are listed below.
+May 6, 2021 - :cve:`2021-32052`
+-------------------------------
+
+Header injection possibility since ``URLValidator`` accepted newlines in input
+on Python 3.9.5+. `Full description
+<https://www.djangoproject.com/weblog/2021/may/06/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 3.2 :commit:`(patch) <2d2c1d0c97832860fbd6597977e2aae17dd7e5b2>`
+* Django 3.1 :commit:`(patch) <afb23f5929944a407e4990edef1c7806a94c9879>`
+* Django 2.2 :commit:`(patch) <d9594c4ea57b6309d93879805302cec9ae9f23ff>`
+
May 4, 2021 - :cve:`2021-31542`
-------------------------------