git: e6f365339ad1 - main - security/vuxml: Document Django multiple vulnerabilities
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 04 Jul 2022 10:55:10 UTC
The branch main has been updated by wen:
URL: https://cgit.FreeBSD.org/ports/commit/?id=e6f365339ad19a19cfc51a64e4bf3cc9e67ffc38
commit e6f365339ad19a19cfc51a64e4bf3cc9e67ffc38
Author: Wen Heping <wen@FreeBSD.org>
AuthorDate: 2022-07-04 10:48:08 +0000
Commit: Wen Heping <wen@FreeBSD.org>
CommitDate: 2022-07-04 10:48:08 +0000
security/vuxml: Document Django multiple vulnerabilities
---
security/vuxml/vuln-2022.xml | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index 05e820a7c540..0169678b6318 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,39 @@
+ <vuln vid="5be19b0d-fb85-11ec-95cd-080027b24e86">
+ <topic>Django -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py37-django32</name>
+ <name>py38-django32</name>
+ <name>py39-django32</name>
+ <name>py310-django32</name>
+ <range><lt>3.2.14</lt></range>
+ </package>
+ <package>
+ <name>py38-django40</name>
+ <name>py39-django40</name>
+ <name>py310-django40</name>
+ <range><lt>4.0.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SO-AND-SO reports:</p>
+ <blockquote cite="https://www.djangoproject.com/weblog/2022/jul/04/security-releases/">
+ <p>CVE-2022-34265: Potential SQL injection via Trunc(kind) and
+ Extract(lookup_name) arguments.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-34265</cvename>
+ <url>https://www.djangoproject.com/weblog/2022/jul/04/security-releases/</url>
+ </references>
+ <dates>
+ <discovery>2022-06-21</discovery>
+ <entry>2022-07-04</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f0e45968-faff-11ec-856e-d4c9ef517024">
<topic>OpenSSL -- Bug in RSA implementation for AVX512IFMA</topic>
<affects>