[4.0.x] Added CVE-2022-36359 to security archive.

Backport of 57c7220280db19dc9dda0910b90cf1ceac50c66f from main
author: Carlton Gibson <carlton.gibson@noumenal.es> 2022-08-03 09:09:48 +0200
committer: Carlton Gibson <carlton.gibson@noumenal.es> 2022-08-03 09:10:47 +0200
commit: 898f0aa44fe63c20d7f4125672b8eb800a578ce5 (patch)
tree: bc1737943b684b9643b010f51f15d9bda778c798
parent: 60e6baebf9c53507022dc0ffeec826f02430cb31 (diff)
download: django-898f0aa44fe63c20d7f4125672b8eb800a578ce5.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 2478287668..f039379e0e 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -36,6 +36,16 @@ Issues under Django's security process
 All security issues have been handled under versions of Django's security
 process. These are listed below.
 
+August 3, 2022 - :cve:`2022-36359`
+----------------------------------
+
+Potential reflected file download vulnerability in FileResponse. `Full
+description
+<https://www.djangoproject.com/weblog/2022/aug/03/security-releases/>`__
+
+* Django 4.0 :commit:`(patch) <b7d9529cbe0af4adabb6ea5d01ed8dcce3668fb3>`
+* Django 3.2 :commit:`(patch) <b3e4494d759202a3b6bf247fd34455bf13be5b80>`
+
 July 4, 2022 - :cve:`2022-34265`
 --------------------------------
author	Carlton Gibson <carlton.gibson@noumenal.es>	2022-08-03 09:09:48 +0200
committer	Carlton Gibson <carlton.gibson@noumenal.es>	2022-08-03 09:10:47 +0200
commit	898f0aa44fe63c20d7f4125672b8eb800a578ce5 (patch)
tree	bc1737943b684b9643b010f51f15d9bda778c798
parent	60e6baebf9c53507022dc0ffeec826f02430cb31 (diff)
download	django-898f0aa44fe63c20d7f4125672b8eb800a578ce5.tar.gz