[Django] #35473: Typo in historic security advisory
43 views
Skip to first unread message
Django
May 22, 2024, 1:39:24 PM5/22/24
to django-...@googlegroups.com
#35473: Typo in historic security advisory
-----------------------------------------+------------------------
Reporter: Darakian | Owner: nobody
Type: Uncategorized | Status: new
Component: Documentation | Version:
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
-----------------------------------------+------------------------
Hey all,
Wanted to raise a very minor issue to you all. I work on the advisory
database for github and had a user come and suggest an improvement on an
old CVE from 2009 (CVE-2009-3965)
See: https://github.com/github/advisory-database/pull/4451
The CVE itself seemed entirely unrelated to me, but then a reference to
some django docs was brought up
https://docs.djangoproject.com/en/3.2/releases/security/#october-9-2009-cve-2009-3965
which references the same CVE id.
I ended up doing some digging and I think what happened is that someone
typoed on that doc and it should have been 3695 rather than 3965
See: https://nvd.nist.gov/vuln/detail/CVE-2009-3695
vs https://nvd.nist.gov/vuln/detail/CVE-2009-3965
Anyway, very minor issue but figured it would be good to report it all the
same so that it can get updated :)
--
Ticket URL: <https://code.djangoproject.com/ticket/35473>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
-----------------------------------------+------------------------
Reporter: Darakian | Owner: nobody
Type: Uncategorized | Status: new
Component: Documentation | Version:
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
-----------------------------------------+------------------------
Hey all,
Wanted to raise a very minor issue to you all. I work on the advisory
database for github and had a user come and suggest an improvement on an
old CVE from 2009 (CVE-2009-3965)
See: https://github.com/github/advisory-database/pull/4451
The CVE itself seemed entirely unrelated to me, but then a reference to
some django docs was brought up
https://docs.djangoproject.com/en/3.2/releases/security/#october-9-2009-cve-2009-3965
which references the same CVE id.
I ended up doing some digging and I think what happened is that someone
typoed on that doc and it should have been 3695 rather than 3965
See: https://nvd.nist.gov/vuln/detail/CVE-2009-3695
vs https://nvd.nist.gov/vuln/detail/CVE-2009-3965
Anyway, very minor issue but figured it would be good to report it all the
same so that it can get updated :)
--
Ticket URL: <https://code.djangoproject.com/ticket/35473>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
May 22, 2024, 1:40:58 PM5/22/24
to django-...@googlegroups.com
#35473: Typo in historic security advisory
-------------------------------+--------------------------------------
Reporter: Darakian | Owner: sammy20d
Type: Uncategorized | Status: assigned
Component: Documentation | Version:
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------+--------------------------------------
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by sammy20d):
* owner: nobody => sammy20d
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/35473#comment:1>
Django
May 22, 2024, 9:36:58 PM5/22/24
to django-...@googlegroups.com
#35473: Typo in historic security advisory
-------------------------------+------------------------------------
Reporter: Darakian | Owner: sammy20d
-------------------------------+------------------------------------
Type: Bug | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------
Changes (by Tim Graham):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------
* stage: Unreviewed => Accepted
* type: Uncategorized => Bug
* version: => dev
--
Ticket URL: <https://code.djangoproject.com/ticket/35473#comment:2>
Django
May 29, 2024, 2:16:06 AM5/29/24
to django-...@googlegroups.com
#35473: Typo in historic security advisory
-------------------------------+------------------------------------
Reporter: Darakian | Owner: sammy20d
Type: Bug | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------
Comment (by Samruddhi Dharankar):
-------------------------------+------------------------------------
Reporter: Darakian | Owner: sammy20d
Type: Bug | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------
Hi, this is my first contribution. I have created a PR. Kindly lemme know
if I missed anything!
--
Ticket URL: <https://code.djangoproject.com/ticket/35473#comment:3>
Django
May 29, 2024, 2:45:21 AM5/29/24
to django-...@googlegroups.com
#35473: Typo in historic security advisory
-------------------------------+------------------------------------
Reporter: Darakian | Owner: sammy20d
Type: Bug | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
-------------------------------+------------------------------------
Reporter: Darakian | Owner: sammy20d
Type: Bug | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------
Changes (by Sarah Boyce):
Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------
* has_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/35473#comment:4>
Django
May 29, 2024, 2:46:54 AM5/29/24
to django-...@googlegroups.com
#35473: Typo in historic security advisory
-------------------------------------+-------------------------------------
Reporter: Darakian | Owner: sammy20d
Type: Bug | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
Type: Bug | Status: assigned
Component: Documentation | Version: dev
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Sarah Boyce):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/35473#comment:5>
Django
May 29, 2024, 3:26:21 AM5/29/24
to django-...@googlegroups.com
#35473: Typo in historic security advisory
-------------------------------------+-------------------------------------
Reporter: Darakian | Owner: sammy20d
Type: Bug | Status: closed
-------------------------------------+-------------------------------------
Reporter: Darakian | Owner: sammy20d
Component: Documentation | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce <42296566+sarahboyce@…>):
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
* resolution: => fixed
* status: assigned => closed
Comment:
In [changeset:"02dab94c7b8585c7ae3854465574d768e1df75d3" 02dab94]:
{{{#!CommitTicketReference repository=""
revision="02dab94c7b8585c7ae3854465574d768e1df75d3"
Fixed #35473 -- Fixed CVE number in security archive.
Updated to CVE-2009-3695 from CVE-2009-3965.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35473#comment:6>
Django
Jun 14, 2024, 8:22:34 AM6/14/24
to django-...@googlegroups.com
#35473: Typo in historic security advisory
-------------------------------------+-------------------------------------
Reporter: Darakian | Owner: sammy20d
Type: Bug | Status: closed
Component: Documentation | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Sarah Boyce <42296566+sarahboyce@…>):
-------------------------------------+-------------------------------------
Reporter: Darakian | Owner: sammy20d
Type: Bug | Status: closed
Component: Documentation | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
In [changeset:"fed3efda15f9ff96714f738c44aa823d63762a8c" fed3efda]:
{{{#!CommitTicketReference repository=""
revision="fed3efda15f9ff96714f738c44aa823d63762a8c"
[5.1.x] Fixed #35473 -- Fixed CVE number in security archive.
Updated to CVE-2009-3695 from CVE-2009-3965.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35473#comment:7>
Reply all
Reply to author
Forward
0 new messages