Add CVE-2021-44420/python-django

author: Salvatore Bonaccorso <carnil@debian.org> 2021-12-07 10:19:24 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-12-07 10:19:24 +0100
commit: b063fb34d3b6b8e71e44bf3eff40f6ba64bc5b13 (patch)
tree: 4b596a49e072db17d558e32fd9f33dd0e638e4b8 /data
parent: d3eedf901afc0ebbeca80058585967f7c77c5189 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 7ba365d2d4..26c86c6a32 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -666,8 +666,13 @@ CVE-2021-44422
 	RESERVED
 CVE-2021-44421
 	RESERVED
-CVE-2021-44420
+CVE-2021-44420 [Potential bypass of an upstream access control based on URL paths]
 	RESERVED
+	- python-django <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1
+	NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
+	NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10)
+	NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25)
 CVE-2021-44419
 	RESERVED
 CVE-2021-44418
author	Salvatore Bonaccorso <carnil@debian.org>	2021-12-07 10:19:24 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-12-07 10:19:24 +0100
commit	b063fb34d3b6b8e71e44bf3eff40f6ba64bc5b13 (patch)
tree	4b596a49e072db17d558e32fd9f33dd0e638e4b8 /data
parent	d3eedf901afc0ebbeca80058585967f7c77c5189 (diff)