From 88d9b28c0c123157a66a288606c16ec5c3486a28 Mon Sep 17 00:00:00 2001
From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Date: Thu, 6 May 2021 09:58:24 +0200
Subject: [PATCH] [2.2.x] Added CVE-2021-32052 to security archive.

Backport of efebcc429f048493d6bc710399e65d98081eafd5 from main
---
 docs/releases/security.txt | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 3c231730ec3f8..509cc6ce76940 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -1189,3 +1189,17 @@ Versions affected
 * Django 3.2 :commit:`(patch) <c98f446c188596d4ba6de71d1b77b4a6c5c2a007>`
 * Django 3.1 :commit:`(patch) <25d84d64122c15050a0ee739e859f22ddab5ac48>`
 * Django 2.2 :commit:`(patch) <04ac1624bdc2fa737188401757cf95ced122d26d>`
+
+May 6, 2021 - :cve:`2021-32052`
+-------------------------------
+
+Header injection possibility since ``URLValidator`` accepted newlines in input
+on Python 3.9.5+. `Full description
+<https://www.djangoproject.com/weblog/2021/may/06/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 3.2 :commit:`(patch) <2d2c1d0c97832860fbd6597977e2aae17dd7e5b2>`
+* Django 3.1 :commit:`(patch) <afb23f5929944a407e4990edef1c7806a94c9879>`
+* Django 2.2 :commit:`(patch) <d9594c4ea57b6309d93879805302cec9ae9f23ff>`