[1.11.x] Added CVE-2019-3498 to the security release archive.

Backport of 162ae9c9143aa85eb27ea69b446a28973eea4854 from master.
author: Tim Graham <timograham@gmail.com> 2019-01-04 09:24:47 -0500
committer: Tim Graham <timograham@gmail.com> 2019-01-04 09:25:51 -0500
commit: 71e8cdb3a4bfd9edd6b2e098591e042ecd875a9a (patch)
tree: 096048626cb7671692e161567f553ea1bf6e0001 /docs
parent: b4937b70f7edc1dd951cd3d9e75cee04f70665c4 (diff)
download: django-71e8cdb3a4bfd9edd6b2e098591e042ecd875a9a.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index 9ddef50547..6c34c2f1dd 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -909,3 +909,16 @@ Versions affected
 ~~~~~~~~~~~~~~~~~
 
 * Django 2.1 `(patch) <https://github.com/django/django/commit/c4bd5b597e0aa2432e4c867b86650f18af117851>`__
+
+January 4, 2019 - :cve:`2019-3498`
+----------------------------------
+
+Content spoofing possibility in the default 404 page. `Full description
+<https://www.djangoproject.com/weblog/2019/jan/04/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 2.1 `(patch) <https://github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b>`__
+* Django 2.0 `(patch) <https://github.com/django/django/commit/9f4ed7c94c62e21644ef5115e393ac426b886f2e>`__
+* Django 1.11 `(patch) <https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a>`__
author	Tim Graham <timograham@gmail.com>	2019-01-04 09:24:47 -0500
committer	Tim Graham <timograham@gmail.com>	2019-01-04 09:25:51 -0500
commit	71e8cdb3a4bfd9edd6b2e098591e042ecd875a9a (patch)
tree	096048626cb7671692e161567f553ea1bf6e0001 /docs
parent	b4937b70f7edc1dd951cd3d9e75cee04f70665c4 (diff)
download	django-71e8cdb3a4bfd9edd6b2e098591e042ecd875a9a.tar.gz