diff options
author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-12-18 10:36:22 +0100 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-12-18 10:36:22 +0100 |
commit | 5a2b9f0b546222e928df91310acb9cf363a6c920 (patch) | |
tree | e524514f3556abb49c0533d83f2a50675d06f650 /docs/releases/security.txt | |
parent | 5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 (diff) | |
download | django-5a2b9f0b546222e928df91310acb9cf363a6c920.tar.gz |
Added CVE-2019-19844 to the security archive.
Diffstat (limited to 'docs/releases/security.txt')
-rw-r--r-- | docs/releases/security.txt | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index e925b8304d..6e0c29223d 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -1042,3 +1042,16 @@ Versions affected * Django 3.0 :commit:`(patch) <092cd66cf3c3e175acce698d6ca2012068d878fa>` * Django 2.2 :commit:`(patch) <36f580a17f0b3cb087deadf3b65eea024f479c21>` * Django 2.1 :commit:`(patch) <103ebe2b5ff1b2614b85a52c239f471904d26244>` + +December 18, 2019 - :cve:`2019-19844` +------------------------------------- + +Potential account hijack via password reset form. `Full description +<https://www.djangoproject.com/weblog/2019/dec/18/security-releases/>`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 3.0 :commit:`(patch) <302a4ff1e8b1c798aab97673909c7a3dfda42c26>` +* Django 2.2 :commit:`(patch) <4d334bea06cac63dc1272abcec545b85136cca0e>` +* Django 1.11 :commit:`(patch) <f4cff43bf921fcea6a29b726eb66767f67753fa2>` |