Date: Tue, 14 Feb 2023 08:49:11 -0500
From: "Dan Langille" <dan@langille.org>
To: "Wen Heping" <wen@FreeBSD.org>, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: Re: git: 7cd59a7b0d9c - main - security/vuxml: Document Django multiple vulnerabilities
Message-ID: <62b4686d-491e-4224-9ddb-7935bbf7f129@app.fastmail.com>
In-Reply-To: <202302141204.31EC4H4m043168@gitrepo.freebsd.org>
References: <202302141204.31EC4H4m043168@gitrepo.freebsd.org>
On Tue, Feb 14, 2023, at 7:04 AM, Wen Heping wrote: > The branch main has been updated by wen: > > URL: > https://cgit.FreeBSD.org/ports/commit/?id=7cd59a7b0d9c15b24dae177e6feafea107670ff5 > > commit 7cd59a7b0d9c15b24dae177e6feafea107670ff5 > Author: Wen Heping <wen@FreeBSD.org> > AuthorDate: 2023-02-14 12:03:26 +0000 > Commit: Wen Heping <wen@FreeBSD.org> > CommitDate: 2023-02-14 12:03:59 +0000 > > security/vuxml: Document Django multiple vulnerabilities > --- > security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 41 insertions(+) > > diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml > index a3feb1c2e6d7..9cc6385ce320 100644 > --- a/security/vuxml/vuln/2023.xml > +++ b/security/vuxml/vuln/2023.xml 
> @@ -1,3 +1,44 @@ > + <vuln vid="9c9ee9a6-ac5e-11ed-9323-080027d3a315"> > + <topic>Django -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>py37-django32</name> > + <name>py38-django32</name> > + <name>py39-django32</name> > + <name>py310-django32</name> > + <range><lt>3.2.18</lt></range> > + </package> > + <package> > + <name>py38-django40</name> > + <name>py39-django40</name> > + <name>py310-django40</name> > + <range><lt>4.0.10</lt></range> > + </package> > + <package> > + <name>py38-django41</name> > + <name>py39-django41</name> > + <name>py310-django41</name> > + <range><lt>4.1.7/range> The above has incorrect tags. I think it might be: <range><lt>4.1.7</lt></range> But I'm not sure. > + </package> > + </affects> > + <description> > + <body xmlns="http://www.w3.org/1999/xhtml"> > + <p>Django reports:</p> > + <blockquote > cite="https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"> > + <p>CVE-2023-24580: Potential denial-of-service vulnerability in > file uploads.</p> > + </blockquote> > + </body> > + </description> > + <references> > + <cvename>CVE-2023-24580</cvename> > + > <url>https://www.djangoproject.com/weblog/2023/feb/14/security-releases/</url> > + </references> > + <dates> > + <discovery>2023-02-01</discovery> > + <entry>2023-02-14</entry> > + </dates> > + </vuln> > + > <vuln vid="0a7a5dfb-aba4-11ed-be2c-001cc0382b2f"> > <topic>GnuTLS -- timing sidechannel in RSA decryption</topic> > <affects> -- Dan Langille dan@langille.org
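Review bot: The version range for the py38/py39/py310-django41 package block is not well-formed XML: `<range><lt>4.1.7/range>` never closes `<lt>` and has no `<` on the closing `range` tag. It should follow the same pattern as the two ranges above it in this entry (`<range><lt>3.2.18</lt></range>` and `<range><lt>4.0.10</lt></range>`), that is `<range><lt>4.1.7</lt></range>`. As committed, the file will not parse, so the affected range for the 4.1 branch cannot be read and any tooling that consumes 2023.xml will fail on this entry rather than flag django41 packages older than 4.1.7. The file should be run through an XML validation pass before the fix is committed.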