Added CVE-2016-7401 to the security release archive.

author: Tim Graham <timograham@gmail.com> 2016-09-26 18:01:19 -0400
committer: Tim Graham <timograham@gmail.com> 2016-09-26 18:01:19 -0400
commit: 6fe846a8f08dc959003f298b5407e321c6fe3735 (patch)
tree: e9c11508adae0d835888c04539be79d2273523d6 /docs/releases/security.txt
parent: a46742e738b91f79dd7b2e6ecba6dd1604e14d05 (diff)
download: django-6fe846a8f08dc959003f298b5407e321c6fe3735.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 8a9d73de36..898b7f3c30 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -769,3 +769,15 @@ Versions affected
 
 * Django 1.9 `(patch) <https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158>`__
 * Django 1.8 `(patch) <https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d>`__
+
+September 26, 2016 - :cve:`2016-7401`
+-------------------------------------
+
+CSRF protection bypass on a site with Google Analytics. `Full description
+<https://www.djangoproject.com/weblog/2016/sep/26/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 1.9 `(patch) <https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a>`__
+* Django 1.8 `(patch) <https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a>`__
author	Tim Graham <timograham@gmail.com>	2016-09-26 18:01:19 -0400
committer	Tim Graham <timograham@gmail.com>	2016-09-26 18:01:19 -0400
commit	6fe846a8f08dc959003f298b5407e321c6fe3735 (patch)
tree	e9c11508adae0d835888c04539be79d2273523d6 /docs/releases/security.txt
parent	a46742e738b91f79dd7b2e6ecba6dd1604e14d05 (diff)
download	django-6fe846a8f08dc959003f298b5407e321c6fe3735.tar.gz