Closed MarkLee131 closed 3 months ago
@MarkLee131 was this PR created in error? It doesn't seem like it applies to django to me.
@darakian Hi, this CVE was rooted in the TPL, but it caused the vulns within django. The detailed info can be accessed at https://docs.djangoproject.com/en/3.2/releases/security/#october-9-2009-cve-2009-3965.
@MarkLee131, I believe you may have actually discovered a typo in the django docs :) I think the actual CVE is https://nvd.nist.gov/vuln/detail/CVE-2009-3695 rather than https://nvd.nist.gov/vuln/detail/CVE-2009-3965
We have CVE-2009-3695 in our DB as well, but thank you for raising this. I've gone ahead and shared this with the django folk, so we can see if they agree https://code.djangoproject.com/ticket/35473#ticket
Updates
Comments add 2 patches for django: https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495