From nobody Mon Feb 06 01:27:06 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P97sQ5Mm2z3n58d; Mon, 6 Feb 2023 01:27:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P97sQ4tDRz42gZ; Mon, 6 Feb 2023 01:27:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675646826; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1A2a1kYCWpTY6M89q6o1I94G2941NLfCKzOzzTpZlT0=; b=ry4i2weJyHqDqmDAVL47qffUjVyx13aQfKhGpFXtpfW3Pi6iUDI9xTt+mn0YKxTCZszQG9 FumBWzD1UGY02LpduSFnuExtgw0Xm8Eo6dpvJcpexi8Tn/0DYSGR+XTUmKtanBNU5h82u4 yYy+sbkxzxzBqQpN3jKjz+vK7ykp5scz/b8AwQB8fIYHQgwNHzAQEyMtW346WwDxrZh1g4 5FpXZkN6H4wUVSKbwR9UIhSE9AbMUTVSk1Z+PVVYyoncE/pU2hp+PH4d3xBUHCV0DxseDy 25PoB/YLHhjkbEXt8AorG/CugHKy3K175+O6YsHxix3bGZhOKBXqfUg0mPKUWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675646826; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1A2a1kYCWpTY6M89q6o1I94G2941NLfCKzOzzTpZlT0=; b=ON9qfzy8/jA21iETwaDL7unkxVicejVgASkMj/sbWwXOxavlnIP5Lief7l3awBtz4t3omI NFmF0L/82KuDx4ankLpmohKnbDgBhd7XDFjTFiESXo5eyLykHEiq1WoZWo5psL1KwuIm3y hxQ7ZKdmswfTd+1bf3qVHIs5/M7F5SJuCE3KmqKJCTB3J5eVrKDIquyAkkkOB75d5ibcFN sIQh0uTRK/PB+zoD5x/ndw6/aq23CN6U4z7vneILe9KT3Aj6JnKbJNOKR2IJaaxwWfKi/1 v6mCO+VwOJBoC+bEaZFZJQv9RG3VRzZrMfPwXd+KrIiYs+zru2QX5FSt5F/pzA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675646826; a=rsa-sha256; cv=none; b=o6d0/WZW3Fivg5eVvBUNqQWfrL3MgyaC8mVzdmQgpB713RgbtZWUvEg+Xk2qGkaC5Myuy0 8HlD4xOh9hehcQxEeHrC6enRDLfh3QWSAotZ0nbtlGQQFBe94xvF3QwqAWgTK2dVZf0HM/ V460624Yj8KrnZqAAfa7t6Iv2Sg66UA1F6lJSglqi+suhIGAfMu3411TTekRvLIdLwGPoD +OZtK2hFYq4bzkkyuCQScmJn+5Aud4RBF8nZAoqm2+o7ubKY9fymMeNo587rwdOZJJ1ziP nhTbDjwDo1aM1u8HedlvrI4S3kiKkI7GtFIpW7M9AH3D3gI9IBtchUlG9fNORA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P97sQ3xhNzGRP; Mon, 6 Feb 2023 01:27:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 3161R6uC061784; Mon, 6 Feb 2023 01:27:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 3161R6CM061783; Mon, 6 Feb 2023 01:27:06 GMT (envelope-from git) Date: Mon, 6 Feb 2023 01:27:06 GMT Message-Id: <202302060127.3161R6CM061783@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Wen Heping Subject: git: 5b66b0ddff8c - main - security/vuxml: Document django multiple vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: wen X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5b66b0ddff8c0e9fc52fa0b16b25c4f4381956e4 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by wen: URL: https://cgit.FreeBSD.org/ports/commit/?id=5b66b0ddff8c0e9fc52fa0b16b25c4f4381956e4 commit 5b66b0ddff8c0e9fc52fa0b16b25c4f4381956e4 Author: Wen Heping AuthorDate: 2023-02-06 01:25:30 +0000 Commit: Wen Heping CommitDate: 2023-02-06 01:25:30 +0000 security/vuxml: Document django multiple vulnerabilities --- security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index ba7c3d228aad..d1f49c49a55d 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,44 @@ + + Django -- multiple vulnerabilities + + + py37-django32 + py38-django32 + py39-django32 + py310-django32 + 3.2.17 + + + py38-django40 + py39-django40 + py310-django40 + 4.0.9 + + + py38-django41 + py39-django41 + py310-django41 + 4.1.6 + + + + +

Django reports:

+
+

CVE-2023-23969: Potential denial-of-service via Accept-Language headers.

+
+ + + + CVE-2023-23969 + https://www.djangoproject.com/weblog/2023/feb/01/security-releases/ + + + 2023-02-01 + 2023-02-06 + + + kafka -- Denial Of Service vulnerability