summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2015-08-18 13:46:47 -0400
committerTim Graham <timograham@gmail.com>2015-08-18 13:46:47 -0400
commit068a80d717ee5a8cf3a6ffbeb0908f2d3ad599dd (patch)
tree941a509ca6fed8c8b0933779d0cc7340974979a9 /docs
parent8cc41ce7a7a8f6bebfdd89d5ab276cd0109f4fc5 (diff)
Added today's issue to the security archive.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/security.txt16
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index d70e3b9046..ce3b88f47f 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -663,3 +663,19 @@ Versions affected
-----------------
* Django 1.8 `(patch) <https://github.com/django/django/commit/8f9a4d3a2bc42f14bb437defd30c7315adbff22c>`__
+
+August 18, 2015 - CVE-2015-5963/CVE-2015-5964
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+`CVE-2015-5963 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5963&cid=2>`_
+and
+`CVE-2015-5964 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5964&cid=2>`_:
+Denial-of-service possibility in ``logout()`` view by filling session store.
+`Full description <https://www.djangoproject.com/weblog/2015/aug/18/security-releases/>`__
+
+Versions affected
+-----------------
+
+* Django 1.8 `(patch) <https://github.com/django/django/commit/2eb86b01d7b59be06076f6179a454d0fd0afaff6>`__
+* Django 1.7 `(patch) <https://github.com/django/django/commit/2f5485346ee6f84b4e52068c04e043092daf55f7>`__
+* Django 1.4 `(patch) <https://github.com/django/django/commit/575f59f9bc7c59a5e41a081d1f5f55fc859c5012>`__