Re: [CVE request] Django 1.4.6 security release

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/14/2013 02:11 AM, Thijs Kinkhorst wrote:
> On Wed, August 14, 2013 09:42, Kurt Seifried wrote:
> > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> >
> > On 08/13/2013 11:31 PM, Moritz Muehlenhoff wrote:
> > > Hi, this needs two CVE assignments: 
> > > https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
>
> > >
> > Please provide links to the vulnerable code/fixed code thanks.
>
> Links to the patches of the various affected release branches can
> be found at the bottom of the quoted URL.
>
>
> Thijs

For the Issue: Cross-site scripting (XSS) in admin interface please
use CVE-2013-4249 for this issue.

For Issue: Cross-site scripting (XSS) in admin interface I'm going to
consider this as security hardening unless someone tells me otherwise.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSDEWkAAoJEBYNRVNeJnmTro0P/0qTtLEXOwV4O3uKtzR4pnWG
9SAFxmGkZ619OdLgcn3Zk96LaGYBw9l/F2BSl0m9yBNUpnFi5lAvKREJMJBJmQcC
+kzW9Ta/7CP4DZfpH+ROACVD2rKVm857iX5ILFIp8RUcHN4Z1A5JtkR6s7ye0iiQ
dflOtOUtDs9pv4rpL0lhDnlbw/nyW7VA50CmhT+8SyzXp89FKeelFn1r7Pyf3Rld
wF7kVlz4ECziTVhXEQaWSR93j5pYBONnr6sQ6Sa+8vVnIZuOUimMED6a6VAc8wrl
oHiNFz3RRpuUrtP2Jwfd8aPeAiJttRwQfWJm93tz3p0GrvdOs7U84tFoiXJgm9JY
fdSOEChKMqkOjqcwMs1PJrWUKP4OlkKlpIG/Ha2cdzxFyIQYq6ofHdUuGU8t1t8q
ep4XqlxbJhecLdRXPjdkm7qH6bKpccNk7F8V10yla+s2AwBqSQK3iiQkKI19Lalv
yYxteoBGJutWbxz/NmCxS7KvxGJi/XpCdF+DDwdJTV7UauujSbBbOFe28U5rHXXw
1Vzh/YjwJExNLUaIIe/57KTka4XuK0ldPwhV0rcHEN9LVPTYR7BZA0a2gVJl5exg
SNmD7B4CRihAIt79+ocKgtuXUist6s7Mg54MYwOIog/fc1iRX6qptYnb4fTw3gxg
PlvRGQKO/XEv5Q6n5J0Q
=cIus
-----END PGP SIGNATURE-----