Merge pull request #1641 from ubernostrum/security-issues-docs-21121

Fix #21121: Add archive of security issues.
commit bbabc5325c78a5d591e5c48ddfb8bf9a0a861a68 2 parents 9851484 + a2e25e8
Russell Keith-Magee authored September 18, 2013
6  docs/internals/security.txt
@@ -1,3 +1,5 @@
  1
+.. _internals-security:
  2
+
1 3
 ==========================
2 4
 Django's security policies
3 5
 ==========================
@@ -126,6 +128,10 @@ may privately contact and discuss those issues with the appropriate
126 128
 maintainers, and coordinate our own disclosure and resolution with
127 129
 theirs.
128 130
 
  131
+The Django team also maintains an :ref:`archive of security issues
  132
+disclosed in Django <security-releases>`.
  133
+
  134
+
129 135
 .. _security-notifications:
130 136
 
131 137
 Who receives advance notification
10  docs/releases/index.txt
@@ -112,6 +112,16 @@ Pre-1.0 releases
112 112
    0.96
113 113
    0.95
114 114
 
  115
+Security releases
  116
+=================
  117
+
  118
+Whenever a security issue is disclosed via :ref:`Django's security
  119
+policies <internals-security>`, appropriate release notes are now
  120
+added to all affected release series.
  121
+
  122
+Additionally, :ref:`an archive of disclosed security issues
  123
+<security-releases>` is maintained.
  124
+
115 125
 Development releases
116 126
 ====================
117 127
 
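
Review bot: In the new "Security releases" paragraph, "appropriate release notes are now added to all affected release series" relies on the word "now", which dates the text and does not tell the reader from which release the practice applies, so older release notes may silently lack a security entry. Either drop "now" or state the starting point. The two `:ref:` targets used here, `internals-security` and `security-releases`, are both defined elsewhere in this commit, so the cross-references resolve.
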
527  docs/releases/security.txt
@@ -0,0 +1,527 @@
  1
+.. _security-releases:
  2
+
  3
+==========================
  4
+Archive of security issues
  5
+==========================
  6
+
  7
+Django's development team is strongly committed to responsible
  8
+reporting and disclosure of security-related issues, as outlined in
  9
+:ref:`Django's security policies <internals-security>`.
  10
+
  11
+As part of that commitment, we maintain the following historical list
  12
+of issues which have been fixed and disclosed. For each issue, the
  13
+list below includes the date, a brief description, the `CVE identifier
  14
+<http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures>`_
  15
+if applicable, a list of affected versions, a link to the full
  16
+disclosure and links to the appropriate patch(es).
  17
+
  18
+Some important caveats apply to this information:
  19
+
  20
+* Lists of affected versions include only those versions of Django
  21
+  which had stable, security-supported releases at the time of
  22
+  disclosure. This means older versions (whose security support had
  23
+  expired) and versions which were in pre-release (alpha/beta/RC)
  24
+  states at the time of disclosure may have been affected, but are not
  25
+  listed.
  26
+
  27
+* The Django project has on occasion issued security advisories,
  28
+  pointing out potential security problems which can arise from
  29
+  improper configuration or from other issues outside of Django
  30
+  itself. Some of these advisories have received CVEs; when that is
  31
+  the case, they are listed here, but as they have no accompanying
  32
+  patches or releases, only the description, disclosure and CVE will
  33
+  be listed.
  34
+
  35
+
  36
+Issues prior to Django's security process
  37
+=========================================
  38
+
  39
+Some security issues were handled before Django had a formalized
  40
+security process in use. For these, new releases may not have been
  41
+issued at the time and CVEs may not have been assigned.
  42
+
  43
+
  44
+August 16, 2006
  45
+---------------
  46
+
  47
+* **Issues:**
  48
+
  49
+    * Filename validation issue in translation framework: `CVE-2007-0404 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0404&cid=3>`_
  50
+
  51
+* **Versions affected:**
  52
+
  53
+    * Django 0.90
  54
+
  55
+    * Django 0.91
  56
+
  57
+* `Full description <https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/>`_
  58
+
  59
+* Patch: `unified 0.90/0.91 <https://github.com/django/django/commit/518d406e53>`_
  60
+
  61
+
  62
+January 21, 2007
  63
+----------------
  64
+
  65
+* **Issues:**
  66
+
  67
+    * Patch CVE-2007-0404  for Django 0.95
  68
+
  69
+    * Apparent "caching" of authenticated user: `CVE-2007-0405 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0405&cid=3>`_
  70
+
  71
+* **Versions affected:**
  72
+
  73
+    * Django 0.95
  74
+
  75
+* `Full description <https://www.djangoproject.com/weblog/2007/jan/21/0951/>`_
  76
+
  77
+* **Patches:**
  78
+
  79
+    * `2006-08-26 issue <https://github.com/django/django/commit/a132d411c6>`_
  80
+
  81
+    * `User caching issue <https://github.com/django/django/commit/e89f0a6558>`_
  82
+
  83
+
  84
+
  85
+Issues under Django's security process
  86
+======================================
  87
+
  88
+All other security issues have been handled under versions of Django's
  89
+security process. These are listed below.
  90
+
  91
+
  92
+October 26, 2007
  93
+----------------
  94
+
  95
+* **Issues:**
  96
+
  97
+    * Denial-of-service via arbitrarily-large ``Accept-Language`` header: `CVE-2007-5712 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5712&cid=3>`_
  98
+
  99
+* **Versions affected:**
  100
+
  101
+    * Django 0.91
  102
+
  103
+    * Django 0.95
  104
+
  105
+    * Django 0.96
  106
+
  107
+* `Full description <https://www.djangoproject.com/weblog/2007/oct/26/security-fix/>`_
  108
+
  109
+* **Patches:**
  110
+
  111
+    * `0.91 <https://github.com/django/django/commit/8bc36e726c9e8c75c681d3ad232df8e882aaac81>`_
  112
+
  113
+    * `0.95 <https://github.com/django/django/commit/412ed22502e11c50dbfee854627594f0e7e2c234>`_
  114
+
  115
+    * `0.96 <https://github.com/django/django/commit/7dd2dd08a79e388732ce00e2b5514f15bd6d0f6f>`_
  116
+
  117
+
  118
+May 14, 2008
  119
+------------
  120
+
  121
+* **Issues:**
  122
+
  123
+    * XSS via admin login redirect: `CVE-2008-2302 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2302&cid=3>`_
  124
+
  125
+* **Versions affected:**
  126
+
  127
+    * Django 0.91
  128
+
  129
+    * Django 0.95
  130
+
  131
+    * Django 0.96
  132
+
  133
+* `Full description <https://www.djangoproject.com/weblog/2008/may/14/security/>`_
  134
+
  135
+* **Patches:**
  136
+
  137
+    * `0.91 <https://github.com/django/django/commit/50ce7fb57d>`_
  138
+
  139
+    * `0.95 <https://github.com/django/django/commit/50ce7fb57d>`_
  140
+
  141
+    * `0.96 <https://github.com/django/django/commit/7791e5c050>`_
  142
+
  143
+
  144
+September 2, 2008
  145
+=================
  146
+
  147
+* **Issues:**
  148
+
  149
+    * CSRF via preservation of POST data during admin login: `CVE-2008-3909 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3909&cid=3>`_
  150
+
  151
+* Versions affected
  152
+
  153
+    * Django 0.91
  154
+
  155
+    * Django 0.95
  156
+
  157
+    * Django 0.96
  158
+
  159
+* `Full description <https://www.djangoproject.com/weblog/2008/sep/02/security/>`_
  160
+
  161
+* **Patches:**
  162
+
  163
+    * `0.91 <https://github.com/django/django/commit/44debfeaa4473bd28872c735dd3d9afde6886752>`_
  164
+
  165
+    * `0.95 <https://github.com/django/django/commit/aee48854a164382c655acb9f18b3c06c3d238e81>`_
  166
+
  167
+    * `0.96 <https://github.com/django/django/commit/7e0972bded362bc4b851c109df2c8a6548481a8e>`_
  168
+
  169
+
  170
+July 28, 2009
  171
+=============
  172
+
  173
+* **Issues:**
  174
+
  175
+    * Directory-traversal in development server media handler: `CVE-2009-2659 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2659&cid=3>`_
  176
+
  177
+* **Versions affected:**
  178
+
  179
+    * Django 0.96
  180
+
  181
+    * Django 1.0
  182
+
  183
+* `Full description <https://www.djangoproject.com/weblog/2009/jul/28/security/>`_
  184
+
  185
+* **Patches:**
  186
+
  187
+    * `0.96 <https://github.com/django/django/commit/da85d76fd6>`_
  188
+
  189
+    * `1.0 <https://github.com/django/django/commit/df7f917b7f>`_
  190
+
  191
+
  192
+October 9, 2009
  193
+===============
  194
+
  195
+* **Issues:**
  196
+
  197
+    * Denial-of-service via pathological regular expression performance: `CVE-2009-3965 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3695&cid=3>`_
  198
+
  199
+* **Versions affected:**
  200
+
  201
+    * Django 1.0
  202
+
  203
+    * Django 1.1
  204
+
  205
+* `Full description <https://www.djangoproject.com/weblog/2009/oct/09/security/>`_
  206
+
  207
+* **Patches:**
  208
+
  209
+    * `1.0 <https://github.com/django/django/commit/594a28a904>`_
  210
+
  211
+    * `1.1 <https://github.com/django/django/commit/e3e992e18b>`_
  212
+
  213
+
  214
+September 8, 2010
  215
+=================
  216
+
  217
+* **Issues:**
  218
+
  219
+    * XSS via trusting unsafe cookie value: `CVE-2010-3082 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3082&cid=3>`_
  220
+
  221
+* **Versions affected:**
  222
+
  223
+    * Django 1.2
  224
+
  225
+* `Full description <https://www.djangoproject.com/weblog/2010/sep/08/security-release/>`_
  226
+
  227
+* **Patches:**
  228
+
  229
+    * `1.2 <https://github.com/django/django/commit/7f84657b6b>`_
  230
+
  231
+
  232
+December 22, 2010
  233
+=================
  234
+
  235
+* **Issues:**
  236
+
  237
+    * Information leakage in administrative interface: `CVE-2010-4534 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4534&cid=3>`_
  238
+
  239
+    * Denial-of-service in password-reset mechanism: `CVE-2010-4535 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4535&cid=2>`_
  240
+
  241
+* **Versions affected:**
  242
+
  243
+    * Django 1.1
  244
+
  245
+    * Django 1.2
  246
+
  247
+* `Full description <https://www.djangoproject.com/weblog/2010/dec/22/security/>`_
  248
+
  249
+* **Patches:**
  250
+
  251
+    * `1.1 CVE-2010-4534 <https://github.com/django/django/commit/17084839fd>`_
  252
+
  253
+    * `1.1 CVE-2010-4535 <https://github.com/django/django/commit/7f8dd9cbac>`_
  254
+
  255
+    * `1.2 CVE-2010-4534 <https://github.com/django/django/commit/85207a245b>`_
  256
+
  257
+    * `1.2 CVE-2010-4535 <https://github.com/django/django/commit/d5d8942a16>`_
  258
+
  259
+
  260
+February 8, 2011
  261
+================
  262
+
  263
+* **Issues:**
  264
+
  265
+    * CSRF via forged HTTP headers: `CVE-2011-0696 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0696&cid=2>`_
  266
+
  267
+    * XSS via unsanitized names of uploaded files: `CVE-2011-0697 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0697&cid=2>`_
  268
+
  269
+    * Directory-traversal on Windows via incorrect path-separator handling: `CVE-2011-0698 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0698&cid=2>`_
  270
+
  271
+* **Versions affected:**
  272
+
  273
+    * Django 1.1
  274
+
  275
+    * Django 1.2
  276
+
  277
+* `Full description <https://www.djangoproject.com/weblog/2011/feb/08/security/>`_
  278
+
  279
+* **Patches:**
  280
+
  281
+    * `1.1 CVE-2010-0696 <https://github.com/django/django/commit/408c5c873c>`_
  282
+
  283
+    * `1.1 CVE-2010-0697 <https://github.com/django/django/commit/1966786d2d>`_
  284
+
  285
+    * `1.1 CVE-2010-0698 <https://github.com/django/django/commit/570a32a047>`_
  286
+
  287
+    * `1.2 CVE-2010-0696 <https://github.com/django/django/commit/818e70344e>`_
  288
+
  289
+    * `1.2 CVE-2010-0697 <https://github.com/django/django/commit/1f814a9547>`_
  290
+
  291
+    * `1.2 CVE-2010-0698 <https://github.com/django/django/commit/194566480b>`_
  292
+
  293
+
  294
+September 9, 2011
  295
+=================
  296
+
  297
+* **Issues:**
  298
+
  299
+    * Session manipulation when using memory-cache-backed session: `CVE-2011-4136 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4136&cid=2>`_
  300
+
  301
+    * Denial-of-service via via ``URLField.verify_exists``: `CVE-2011-4137 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4137&cid=2>`_
  302
+
  303
+    * Information leakage/arbitrary request issuance via ``URLField.verify_exists``: `CVE-2011-4138 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4138&cid=2>`_
  304
+
  305
+    * ``Host`` header cache poisoning: `CVE-2011-4139 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4139&cid=2>`_
  306
+
  307
+* Advisories:
  308
+
  309
+    * Potential CSRF via ``Host`` header: `CVE-2011-4140 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4140&cid=2>`_
  310
+
  311
+* **Versions affected:**
  312
+
  313
+    * Django 1.2
  314
+
  315
+    * Django 1.3
  316
+
  317
+* `Full description <https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/>`_
  318
+
  319
+* **Patches:**
  320
+
  321
+    * `1.2 CVE-2011-4136 <https://github.com/django/django/commit/ac7c3a110f>`_
  322
+
  323
+    * `1.2 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/7268f8af86>`_
  324
+
  325
+    * `1.2 CVE-2011-4139 <https://github.com/django/django/commit/c613af4d64>`_
  326
+
  327
+    * `1.3 CVE-2011-4136 <https://github.com/django/django/commit/fbe2eead2f>`_
  328
+
  329
+    * `1.3 CVE-2011-4137 and CVE-2011-4138 <https://github.com/django/django/commit/1a76dbefdf>`_
  330
+
  331
+    * `1.3 CVE-2011-4139 <https://github.com/django/django/commit/2f7fadc38e>`_
  332
+
  333
+
  334
+July 30, 2012
  335
+=============
  336
+
  337
+* **Issues:**
  338
+
  339
+    * XSS via failure to validate redirect scheme: `CVE-2012-3442 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3442&cid=2>`_
  340
+
  341
+    * Denial-of-service via compressed image files: `CVE-2012-3443 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3443&cid=2>`_
  342
+
  343
+    * Denial-of-service via large image viles: `CVE-2012-3444 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3444&cid=2>`_
  344
+
  345
+* **Versions affected:**
  346
+
  347
+    * Django 1.3
  348
+
  349
+    * Django 1.4
  350
+
  351
+* `Full description <https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/>`_
  352
+
  353
+* **Patches:**
  354
+
  355
+    * `1.3 CVE-2012-3442 <https://github.com/django/django/commit/4dea4883e6c50d75f215a6b9bcbd95273f57c72d>`_
  356
+
  357
+    * `1.3 CVE-2012-3443 <https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446>`_
  358
+
  359
+    * `1.3 CVE-2012-3444 <https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155>`_
  360
+
  361
+    * `1.4 CVE-2012-3442 <https://github.com/django/django/commit/e34685034b60be1112160e76091e5aee60149fa1>`_
  362
+
  363
+    * `1.4 CVE-2012-3443 <https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141>`_
  364
+
  365
+    * `1.4 CVE-2012-3444 <https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6>`_
  366
+
  367
+
  368
+October 17, 2012
  369
+================
  370
+
  371
+* **Issues:**
  372
+
  373
+    * ``Host`` header poisoning: `CVE-2012-4520 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4520&cid=2`_
  374
+
  375
+* **Versions affected:**
  376
+
  377
+    * Django 1.3
  378
+
  379
+    * Django 1.4
  380
+
  381
+* `Full description <https://www.djangoproject.com/weblog/2012/oct/17/security/>`_
  382
+
  383
+* **Patches:**
  384
+
  385
+    * `1.3 <https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071>`_
  386
+
  387
+    * `1.4 <https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3>`_
  388
+
  389
+
  390
+December 10, 2012
  391
+=================
  392
+
  393
+* **Issues:**
  394
+
  395
+    * Additional hardening of ``Host`` header handling (no CVE issued)
  396
+
  397
+    * Additional hardening of redirect validation (no CVE issued)
  398
+
  399
+* **Versions affected:**
  400
+
  401
+    * Django 1.3
  402
+
  403
+    * Django 1.4
  404
+
  405
+* `Full description <https://www.djangoproject.com/weblog/2012/dec/10/security/>`_
  406
+
  407
+* **Patches:**
  408
+
  409
+    * `1.3 Host hardening <https://github.com/django/django/commit/2da4ace0bc1bc1d79bf43b368cb857f6f0cd6b1b>`_
  410
+
  411
+    * `1.3 redirect hardening <https://github.com/django/django/commit/1515eb46daa0897ba5ad5f0a2db8969255f1b343>`_
  412
+
  413
+    * `1.4 Host hardening <https://github.com/django/django/commit/319627c184e71ae267d6b7f000e293168c7b6e09>`_
  414
+
  415
+    * `1.4 redirect hardning <https://github.com/django/django/commit/b2ae0a63aeec741f1e51bac9a95a27fd635f9652>`_
  416
+
  417
+
  418
+February 19, 2013
  419
+=================
  420
+
  421
+* **Issues:**
  422
+
  423
+    * Additional hardening of ``Host`` header handling (no CVE issued)
  424
+
  425
+    * Entity-based attacks against Python XML libraries: `CVE-2013-1664 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1664&cid=2>`_ and `CVE-2013-1665 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1665&cid=2>`_
  426
+
  427
+    * Information leakage via admin history log: `CVE-2013-0305 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0305&cid=2>`_
  428
+
  429
+    * Denial-of-service via formset ``max_num`` bypass `CVE-2013-0306 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0306&cid=2>`_
  430
+
  431
+* **Versions affected:**
  432
+
  433
+    * Django 1.3
  434
+
  435
+    * Django 1.4
  436
+
  437
+* Full description <https://www.djangoproject.com/weblog/2013/feb/19/security/>`_
  438
+
  439
+* **Patches:**
  440
+
  441
+    * `1.3 Host hardening <https://github.com/django/django/commit/27cd872e6e36a81d0bb6f5b8765a1705fecfc253>`_
  442
+
  443
+    * `1.3 XML attacks <https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112>`_
  444
+
  445
+    * `1.3 CVE-2013-0305 <https://github.com/django/django/commit/d3a45e10c8ac8268899999129daa27652ec0da35>`_
  446
+
  447
+    * `1.3 CVE-2013-0306 <https://github.com/django/django/commit/d7094bbce8cb838f3b40f504f198c098ff1cf727>`_
  448
+
  449
+    * `1.4 Host hardening <https://github.com/django/django/commit/9936fdb11d0bbf0bd242f259bfb97bbf849d16f8>`_
  450
+
  451
+    * `1.4 XML attacks <https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40>`_
  452
+
  453
+    * `1.4 CVE-2013-0305 <https://github.com/django/django/commit/0e7861aec73702f7933ce2a93056f7983939f0d6>`_
  454
+
  455
+    * `1.4 CVE-2013-0306 <https://github.com/django/django/commit/0cc350a896f70ace18280410eb616a9197d862b0>`_
  456
+
  457
+
  458
+August 13, 2013
  459
+===============
  460
+
  461
+* **Issues:**
  462
+
  463
+    * XSS via admin trusting ``URLField`` values (CVE not yet issued)
  464
+
  465
+    * Possible XSS via unvalidated URL redirect schemes (CVE not yet issued)
  466
+
  467
+* **Versions affected:**
  468
+
  469
+    * Django 1.4 (redirect scheme issue only)
  470
+
  471
+    * Django 1.5
  472
+
  473
+* Full description <https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/>`_
  474
+
  475
+* **Patches:**
  476
+
  477
+    * `1.4 redirect validation <https://github.com/django/django/commit/ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a>`_
  478
+
  479
+    * `1.5 URLField trusting <https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78>`_
  480
+
  481
+    * `1.5 redirect validation <https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9b6e5810c1162b5f>`_
  482
+
  483
+
  484
+September 10, 2013
  485
+==================
  486
+
  487
+* **Issues:**
  488
+
  489
+    * Directory-traversal via ``ssi`` template tag: `CVE-2013-4315 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4315&cid=2>`_
  490
+
  491
+* **Versions affected:**
  492
+
  493
+    * Django 1.4
  494
+
  495
+    * Django 1.5
  496
+
  497
+* `Full description <https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/>`_
  498
+
  499
+* **Patches:**
  500
+
  501
+    * `1.4 CVE-2013-4315 <https://github.com/django/django/commit/87d2750b39f6f2d54b7047225521a44dcd37e896>`_
  502
+
  503
+    * `1.5 CVE-2013-4315 <https://github.com/django/django/commit/988b61c550d798f9a66d17ee0511fb7a9a7f33ca>`_
  504
+
  505
+
  506
+September 14, 2013
  507
+==================
  508
+
  509
+* **Issues:**
  510
+
  511
+    * Denial-of-service via large passwords: CVE-2013-1443
  512
+
  513
+* **Versions affected:**
  514
+
  515
+    * Django 1.4
  516
+
  517
+    * Django 1.5
  518
+
  519
+* `Full description <https://www.djangoproject.com/weblog/2013/sep/15/security/>`_
  520
+
  521
+* **Patches:**
  522
+
  523
+    * `1.4 CVE-2013-1443 <https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368>`_ and `Python compatibility fix <https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714>`_
  524
+
  525
+    * `1.5 CVE-2013-1443 <https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc>`_
  526
+
  527
+      
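
Review bot: From the "September 2, 2008" entry to the end of the file the date headings are underlined with `=` rather than `-`, so those entries become top-level sections instead of subsections of "Issues under Django's security process" as the October 26, 2007 and May 14, 2008 entries are; switch them to `-`. Three links will not render as written: the CVE-2012-4520 target under October 17, 2012 is missing the closing `>` before the final backtick, and the "Full description" items under February 19, 2013 and August 13, 2013 lack the opening backtick. Several identifiers disagree with each other and should be checked against the advisories before merge: the October 9, 2009 link text reads CVE-2009-3965 while its URL reads CVE-2009-3695; the February 8, 2011 patch labels read CVE-2010-0696/0697/0698 while the issues listed above them are CVE-2011-0696/0697/0698; the January 21, 2007 patch label "2006-08-26 issue" does not match the "August 16, 2006" entry it refers to; and the "September 14, 2013" heading links to a weblog URL under 2013/sep/15. Smaller points: "Versions affected" under September 2, 2008 and "Advisories:" under September 9, 2011 lack the bold markup (and, for the former, the colon) used everywhere else; "via via", "image viles" and "redirect hardning" are typos; the ``max_num`` bypass item is missing the colon before its CVE link; CVE-2013-1443 is the only issued CVE without an NVD link; and the last added line contains only trailing whitespace.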
