diff options
| author | Tim Graham <timograham@gmail.com> | 2016-02-01 12:42:37 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-02-01 12:43:02 -0500 |
| commit | 34fae0a4f7b0702cf9e4c72a8a3b82040a426595 (patch) | |
| tree | 462e72d513ea38b2d5865266d9ff0c0416dbb1eb /docs | |
| parent | cc3694493502784ac6c81317dc48d77d035c7ad1 (diff) | |
[1.9.x] Added CVE-2016-2048 to the security archive.
Backport of ecd502cfdb57706dd0e84d9928934bcae6b1ef25 from master
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/security.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index cbd5585244..ddb4871a7b 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -690,3 +690,15 @@ Versions affected * Django 1.8 `(patch) <https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991>`__ * Django 1.7 `(patch) <https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172>`__ + +February 1, 2016 -- CVE-2016-2048 +--------------------------------- + +`CVE-2016-2048 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2048&cid=2>`_: +User with "change" but not "add" permission can create objects for ``ModelAdmin``’s with ``save_as=True``. +`Full description <https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/>`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 1.9 `(patch) <https://github.com/django/django/commit/adbca5e4db42542575734b8e5d26961c8ada7265>`__ |
