From owner-svn-ports-all@FreeBSD.ORG Sun Sep 22 10:36:32 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id B5A5B7B9; Sun, 22 Sep 2013 10:36:32 +0000 (UTC) (envelope-from lwhsu@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 88F502757; Sun, 22 Sep 2013 10:36:32 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r8MAaW2p040336; Sun, 22 Sep 2013 10:36:32 GMT (envelope-from lwhsu@svn.freebsd.org) Received: (from lwhsu@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r8MAaWdL040335; Sun, 22 Sep 2013 10:36:32 GMT (envelope-from lwhsu@svn.freebsd.org) Message-Id: <201309221036.r8MAaWdL040335@svn.freebsd.org> From: Li-Wen Hsu Date: Sun, 22 Sep 2013 10:36:32 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r327862 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Sep 2013 10:36:32 -0000 Author: lwhsu Date: Sun Sep 22 10:36:31 2013 New Revision: 327862 URL: http://svnweb.freebsd.org/changeset/ports/327862 Log: Document CVE-2013-1443 for www/py-django{,14,-devel} Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Sep 22 10:09:42 2013 (r327861) +++ head/security/vuxml/vuln.xml Sun Sep 22 10:36:31 2013 (r327862) @@ -51,6 +51,48 @@ Note: Please add new entries to the beg --> + + django -- denial-of-service via large passwords + + + py27-django + 1.51.5.4 + 1.41.4.8 + + + py26-django + 1.51.5.4 + 1.41.4.8 + + + py27-django-devel + 20130922,1 + + + py26-django-devel + 20130922,1 + + + + +

The Django project reports:

+
+

These releases address a denial-of-service attack against Django's + authentication framework. All users of Django are encouraged to + upgrade immediately.

+
+ + + + CVE-2013-1443 + https://www.djangoproject.com/weblog/2013/sep/15/security/ + + + 2013-09-15 + 2013-09-22 + + + FreeBSD -- Cross-mount links between nullfs(5) mounts