From owner-svn-ports-head@FreeBSD.ORG Fri Jan 25 01:26:37 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id DF33060B; Fri, 25 Jan 2013 01:26:37 +0000 (UTC) (envelope-from cs@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id CC12E25E; Fri, 25 Jan 2013 01:26:37 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r0P1QbYI062778; Fri, 25 Jan 2013 01:26:37 GMT (envelope-from cs@svn.freebsd.org) Received: (from cs@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r0P1Qb9d062777; Fri, 25 Jan 2013 01:26:37 GMT (envelope-from cs@svn.freebsd.org) Message-Id: <201301250126.r0P1Qb9d062777@svn.freebsd.org> From: Carlo Strub Date: Fri, 25 Jan 2013 01:26:37 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r310956 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Jan 2013 01:26:37 -0000 Author: cs Date: Fri Jan 25 01:26:37 2013 New Revision: 310956 URL: http://svnweb.freebsd.org/changeset/ports/310956 Log: XSS vulnerability in py-django-cms Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jan 25 00:41:19 2013 (r310955) +++ head/security/vuxml/vuln.xml Fri Jan 25 01:26:37 2013 (r310956) @@ -51,6 +51,36 @@ Note: Please add new entries to the beg --> + + django-cms -- XSS Vulnerability + + + py-django-cms + 2.3.4 + + + + +

Cross-site scripting (XSS) vulnerability

+
+

Jonas Obrist reports: The security issue +allows users with limited admin access to elevate their privileges through XSS +injection using the page_attribute template tag. Only users with admin access +and the permission to edit at least one django CMS page object could exploit +this vulnerability. Websites that do not use the page_attribute template tag are +not affected.

+
+ + + + https://www.django-cms.org/en/blog/2012/12/04/2-3-5-security-release/ + + + 2012-12-04 + 2013-01-25 + + + chromium -- multiple vulnerabilities