FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6b1d8a39-ddb3-11e5-8fa8-14dae9d210b8django -- regression in permissions model

Tim Graham reports:

User with "change" but not "add" permission can create objects for ModelAdmin’s with save_as=True


Discovery 2016-02-01
Entry 2016-02-28
py27-django19
py33-django19
py34-django19
py35-django19
< 1.9.2

py27-django-devel
py33-django-devel
py34-django-devel
py35-django-devel
le 20150709,1

https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
CVE-2016-2048
cb116651-79db-4c09-93a2-c38f9df46724django -- multiple vulnerabilities

The Django project reports:

Today the Django team released Django 1.10.3, Django 1.9.11, and 1.8.16. These releases addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

  • User with hardcoded password created when running tests on Oracle
  • DNS rebinding vulnerability when DEBUG=True

Discovery 2016-11-01
Entry 2016-11-02
py27-django
py33-django
py34-django
py35-django
< 1.8.16

py27-django18
py33-django18
py34-django18
py35-django18
< 1.8.16

py27-django19
py33-django19
py34-django19
py35-django19
< 1.9.11

py27-django110
py33-django110
py34-django110
py35-django110
< 1.10.3

https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
CVE-2016-9013
CVE-2016-9014
dc880d6c-195d-11e7-8c63-0800277dcc69django -- multiple vulnerabilities

Django team reports:

These release addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

  • Open redirect and possible XSS attack via user-supplied numeric redirect URLs
  • Open redirect vulnerability in django.views.static.serve()

Discovery 2017-04-04
Entry 2017-04-04
py27-django
py33-django
py34-django
py35-django
py36-django
< 1.8.18

py27-django18
py33-django18
py34-django18
py35-django18
py36-django18
< 1.8.18

py27-django19
py33-django19
py34-django19
py35-django19
py36-django19
< 1.9.13

py27-django110
py33-django110
py34-django110
py35-django110
py36-django110
< 1.10.7

https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
CVE-2017-7233
CVE-2017-7234
f9e6c0d1-e4cc-11e5-b2bd-002590263bf5django -- multiple vulnerabilities

Tim Graham reports:

Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth

User enumeration through timing difference on password hasher work factor upgrade


Discovery 2016-03-01
Entry 2016-03-08
py27-django
py32-django
py33-django
py34-django
py35-django
< 1.8.10

py27-django18
py32-django18
py33-django18
py34-django18
py35-django18
< 1.8.10

py27-django19
py32-django19
py33-django19
py34-django19
py35-django19
< 1.9.3

py27-django-devel
py32-django-devel
py33-django-devel
py34-django-devel
py35-django-devel
le 20150709,1

CVE-2016-2512
CVE-2016-2513
https://www.djangoproject.com/weblog/2016/mar/01/security-releases/