Date: Sun, 28 Jun 2015 00:23:10 +0100
From: Matthew Wilkes <matthew@...thewwilkes.co.uk>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Django CMS

Hi,

Can a CVE be assigned to this issue, please?

http://www.django-cms.org/en/blog/2015/06/27/311-3014-release/

It's a CSRF issue around publishing of draft changes in Django CMS. Versions affected are Django CMS <3.0.14 and <3.1.1. I haven't verified its presence in Django CMS <3.0, I'm afraid.

The relevant commit is:

https://github.com/divio/django-cms/commit/f77cbc607d6e2a62e63287d37ad320109a2cc78a

The vendor credits with the discovery:

* Sylvain Fankhauser of L//P
* Matthew Wilkes of The Code Distillery

Thanks, let me know if you'd like more information.

Matt