author: Chris Lamb <lamby@debian.org> 2024-02-29 15:16:37 +0000
committer: Chris Lamb <lamby@debian.org> 2024-02-29 15:17:14 +0000
commit: 9d599100d6794a9d239120cf36caad0b97d66f5e (patch)
tree: d497bc14c5c015297bfaa94ef778c635b2b9bd9a
parent: 7772d53afdd4dda8b7edcfcb6065792e33395ab5 (diff)
Reserve DLA-3744-1 for python-django
-rw-r--r--  data/CVE/list  4
-rw-r--r--  data/DLA/list  3
-rw-r--r--  data/dla-needed.txt  6
3 files changed, 3 insertions, 10 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 97458d801e..eccc5bfbad 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -194168,7 +194168,6 @@ CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secu
CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...)
{DLA-2676-1}
- python-django 2:2.2.24-1 (bug #989394)
- [buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main)
NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24)
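Review bot: the context line `{DLA-2676-1}` above the removed `[buster] - python-django <no-dsa>` line is left unchanged here and in the three hunks that follow, so after this change these four CVE entries carry no buster line and no reference to DLA-3744-1. If that tag and the buster fixed version are not regenerated from the new data/DLA/list entry, add them in this file so the entries do not read as untracked for buster.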
@@ -195118,7 +195117,6 @@ CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.
CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...)
{DLA-2676-1}
- python-django 2:2.2.24-1 (bug #989394)
- [buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main)
NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24)
@@ -199678,7 +199676,6 @@ CVE-2021-31543
CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...)
{DLA-2651-1}
- python-django 2:2.2.21-1 (bug #988053)
- [buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/
NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main)
NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21)
@@ -207407,7 +207404,6 @@ CVE-2021-28659
CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...)
{DLA-2622-1}
- python-django 2:2.2.20-1 (bug #986447)
- [buster] - python-django <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main)
NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20)
diff --git a/data/DLA/list b/data/DLA/list
index fc19ba30fb..8561bf9551 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[29 Feb 2024] DLA-3744-1 python-django - security update
+ {CVE-2021-28658 CVE-2021-31542 CVE-2021-33203 CVE-2021-33571}
+ [buster] - python-django 1:1.11.29-1+deb10u11
[27 Feb 2024] DLA-3743-1 wpa - security update
{CVE-2023-52160}
[buster] - wpa 2:2.7+git20190128+0c1e29f-6+deb10u4
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 89a06b15ce..e2623c043b 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -212,12 +212,6 @@ python-asyncssh
NOTE: 20240116: Added by Front-Desk (lamby)
NOTE: 20240131: Patch for CVE-2023-46445 and CVE-2023-46446 backported and in Git, but one test is failing. Waiting for feedback before release. (dleidert)
--
-python-django (Chris Lamb)
- NOTE: 20231006: Added by Front-Desk (Beuc)
- NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists (Beuc/front-desk)
- NOTE: 20231020: ^ CVE-2021-28658, CVE-2021-31542, CVE-2021-33203 & CVE-2021-33571. (lamby)
- NOTE: 20231020: Also now vulnerable to CVE-2023-43665. (lamby)
---
python-glance-store
NOTE: 20230525: Added by Front-Desk (lamby)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
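Review bot: the removed python-django entry includes the note `20231020: Also now vulnerable to CVE-2023-43665. (lamby)`, but the DLA-3744-1 entry added in data/DLA/list lists only CVE-2021-28658, CVE-2021-31542, CVE-2021-33203 and CVE-2021-33571. Deleting the whole entry drops the only visible pointer to CVE-2023-43665 for this package; either keep a python-django entry carrying that note, or say in the commit message where that CVE is now tracked or why it no longer needs work.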
