FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
aaab03be-932d-11e7-92d8-4b26fc968492    Django -- possible XSS in traceback section of technical 500 debug page

Django blog:

In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG = True (which makes this page accessible) in your production settings.


Discovery 2017-09-05
Entry 2017-09-06
py27-django110
py34-django110
py35-django110
py36-django110
< 1.10.8

py27-django111
py34-django111
py35-django111
py36-django111
< 1.11.5

CVE-2017-12794
https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
cb116651-79db-4c09-93a2-c38f9df46724    django -- multiple vulnerabilities

The Django project reports:

Today the Django team released Django 1.10.3, Django 1.9.11, and 1.8.16. These releases address two security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

  • User with hardcoded password created when running tests on Oracle
  • DNS rebinding vulnerability when DEBUG=True

Discovery 2016-11-01
Entry 2016-11-02
py27-django
py33-django
py34-django
py35-django
< 1.8.16

py27-django18
py33-django18
py34-django18
py35-django18
< 1.8.16

py27-django19
py33-django19
py34-django19
py35-django19
< 1.9.11

py27-django110
py33-django110
py34-django110
py35-django110
< 1.10.3

https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
CVE-2016-9013
CVE-2016-9014
dc880d6c-195d-11e7-8c63-0800277dcc69    django -- multiple vulnerabilities

Django team reports:

These releases address two security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

  • Open redirect and possible XSS attack via user-supplied numeric redirect URLs
  • Open redirect vulnerability in django.views.static.serve()

Discovery 2017-04-04
Entry 2017-04-04
py27-django
py33-django
py34-django
py35-django
py36-django
< 1.8.18

py27-django18
py33-django18
py34-django18
py35-django18
py36-django18
< 1.8.18

py27-django19
py33-django19
py34-django19
py35-django19
py36-django19
< 1.9.13

py27-django110
py33-django110
py34-django110
py35-django110
py36-django110
< 1.10.7

https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
CVE-2017-7233
CVE-2017-7234