author | Chris Lamb <lamby@debian.org> | 2024-02-29 15:16:37 +0000 |
---|---|---|
committer | Chris Lamb <lamby@debian.org> | 2024-02-29 15:17:14 +0000 |
commit | 9d599100d6794a9d239120cf36caad0b97d66f5e | |
tree | d497bc14c5c015297bfaa94ef778c635b2b9bd9a | |
parent | 7772d53afdd4dda8b7edcfcb6065792e33395ab5 | |
Reserve DLA-3744-1 for python-django
-rw-r--r-- | data/CVE/list | 4 |
-rw-r--r-- | data/DLA/list | 3 |
-rw-r--r-- | data/dla-needed.txt | 6 |
3 files changed, 3 insertions, 10 deletions
diff --git a/data/CVE/list b/data/CVE/list index 97458d801e..eccc5bfbad 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -194168,7 +194168,6 @@ CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secu CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...) {DLA-2676-1} - python-django 2:2.2.24-1 (bug #989394) - [buster] - python-django <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1 NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main) NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24) @@ -195118,7 +195117,6 @@ CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4. CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...) {DLA-2676-1} - python-django 2:2.2.24-1 (bug #989394) - [buster] - python-django <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1 NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main) NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24) @@ -199678,7 +199676,6 @@ CVE-2021-31543 CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...) {DLA-2651-1} - python-django 2:2.2.21-1 (bug #988053) - [buster] - python-django <no-dsa> (Minor issue) NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/ NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main) NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21) 
@@ -207407,7 +207404,6 @@ CVE-2021-28659 CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...) {DLA-2622-1} - python-django 2:2.2.20-1 (bug #986447) - [buster] - python-django <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/ NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main) NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20) diff --git a/data/DLA/list b/data/DLA/list index fc19ba30fb..8561bf9551 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[29 Feb 2024] DLA-3744-1 python-django - security update + {CVE-2021-28658 CVE-2021-31542 CVE-2021-33203 CVE-2021-33571} + [buster] - python-django 1:1.11.29-1+deb10u11 [27 Feb 2024] DLA-3743-1 wpa - security update {CVE-2023-52160} [buster] - wpa 2:2.7+git20190128+0c1e29f-6+deb10u4 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 89a06b15ce..e2623c043b 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -212,12 +212,6 @@ python-asyncssh NOTE: 20240116: Added by Front-Desk (lamby) NOTE: 20240131: Patch for CVE-2023-46445 and CVE-2023-46446 backported and in Git, but one test is failing. Waiting for feedback before release. (dleidert) -- -python-django (Chris Lamb) - NOTE: 20231006: Added by Front-Desk (Beuc) - NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists (Beuc/front-desk) - NOTE: 20231020: ^ CVE-2021-28658, CVE-2021-31542, CVE-2021-33203 & CVE-2021-33571. (lamby) - NOTE: 20231020: Also now vulnerable to CVE-2023-43665. (lamby) --- python-glance-store NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. |
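Review bot: In each of the four data/CVE/list hunks (CVE-2021-33571, CVE-2021-33203, CVE-2021-31542, CVE-2021-28658) the "[buster] - python-django <no-dsa>" line is dropped, but the cross-reference line above it still names only a different advisory ({DLA-2676-1}, {DLA-2651-1} or {DLA-2622-1}), so within this file nothing now records buster's status for these CVEs. If the {DLA-3744-1} tag is filled in by tooling from the new data/DLA/list entry, say so in the commit message; otherwise add it to these four entries here so the CVE records and the DLA record agree.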
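Review bot: The python-django block removed from data/dla-needed.txt ends with "NOTE: 20231020: Also now vulnerable to CVE-2023-43665. (lamby)", yet the CVE set of the new DLA-3744-1 entry in data/DLA/list names only CVE-2021-28658, CVE-2021-31542, CVE-2021-33203 and CVE-2021-33571. Deleting the whole block drops the only visible reminder that CVE-2023-43665 is still open for buster; either keep the entry with that one note until it is handled, or state in the commit message where that CVE is tracked.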