author: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2019-12-18 10:36:22 +0100
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2019-12-18 10:39:38 +0100
commit: 813b33eec4d3fef8c5c3d4bfbc6ac90a248680c6 (patch)
tree: 69677d7a9c438ce0e45025e99e837eea6327c02d
parent: e7286122b42d863bc1e97a846330cc63303f1c21 (diff)
download: django-813b33eec4d3fef8c5c3d4bfbc6ac90a248680c6.tar.gz
[2.2.x] Added CVE-2019-19844 to the security archive.
Backport of 5a2b9f0b546222e928df91310acb9cf363a6c920 from master
-rw-r--r-- docs/releases/security.txt 13
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index e925b8304d..6e0c29223d 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -1042,3 +1042,16 @@ Versions affected
* Django 3.0 :commit:`(patch) <092cd66cf3c3e175acce698d6ca2012068d878fa>`
* Django 2.2 :commit:`(patch) <36f580a17f0b3cb087deadf3b65eea024f479c21>`
* Django 2.1 :commit:`(patch) <103ebe2b5ff1b2614b85a52c239f471904d26244>`
+
+December 18, 2019 - :cve:`2019-19844`
+-------------------------------------
+
+Potential account hijack via password reset form. `Full description
+<https://www.djangoproject.com/weblog/2019/dec/18/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 3.0 :commit:`(patch) <302a4ff1e8b1c798aab97673909c7a3dfda42c26>`
+* Django 2.2 :commit:`(patch) <4d334bea06cac63dc1272abcec545b85136cca0e>`
+* Django 1.11 :commit:`(patch) <f4cff43bf921fcea6a29b726eb66767f67753fa2>`
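Review bot: In the new "Versions affected" list the entries go from Django 2.2 straight to Django 1.11, while the entry just above it in this file lists 3.0, 2.2 and 2.1. If 2.1 is left out on purpose, say so in the commit message so the gap does not read as a missed line. Also confirm that each :commit: hash points at the fix on its own stable branch rather than at the master commit, since this file is backported across branches.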