[4.0.x] Added CVE-2022-34265 to security archive.

Backport of d12d7c4c42814736c24731a6a300a79526fc2ef6 from main
author: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2022-07-04 10:27:14 +0200
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2022-07-04 10:34:15 +0200
commit: 6a830bf90048ba0f1beefb80d02d8a39d57f392d (patch)
tree: 206622492a7e6117d08b0b5c05e2c5c0ad14bba8
parent: 90dc60d1a81c0e39cd851ab3e4cf6e471c501b86 (diff)
download: django-6a830bf90048ba0f1beefb80d02d8a39d57f392d.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index b512cc7a7a..2478287668 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,16 @@ Issues under Django's security process
 All security issues have been handled under versions of Django's security
 process. These are listed below.
 
+July 4, 2022 - :cve:`2022-34265`
+--------------------------------
+
+Potential SQL injection via ``Trunc(kind)`` and ``Extract(lookup_name)``
+arguments. `Full description
+<https://www.djangoproject.com/weblog/2022/jul/04/security-releases/>`__
+
+* Django 4.0 :commit:`(patch) <0dc9c016fadb71a067e5a42be30164e3f96c0492>`
+* Django 3.2 :commit:`(patch) <a9010fe5555e6086a9d9ae50069579400ef0685e>`
+
 April 11, 2022 - :cve:`2022-28346`
 ----------------------------------
author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-07-04 10:27:14 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-07-04 10:34:15 +0200
commit	6a830bf90048ba0f1beefb80d02d8a39d57f392d (patch)
tree	206622492a7e6117d08b0b5c05e2c5c0ad14bba8
parent	90dc60d1a81c0e39cd851ab3e4cf6e471c501b86 (diff)
download	django-6a830bf90048ba0f1beefb80d02d8a39d57f392d.tar.gz