author | Chris Lamb <lamby@debian.org> | 2022-01-12 09:57:56 +0000 |
---|---|---|
committer | Chris Lamb <lamby@debian.org> | 2022-01-12 09:57:56 +0000 |
commit | 09807490bc5924c02b11adb4f85ed9467f50efcf (patch) | |
tree | 1d26a59dd53b647981630a46e165ab40008ec1be /data | |
parent | e0eab0f132f0525830d948cc39d39dacd300903d (diff) |
Triage three recent Django CVEs after consulting the security team.
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 9 | ||||
-rw-r--r-- | data/dla-needed.txt | 2 |
2 files changed, 9 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index 1cd1b4411c..e558f55f81 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -4898,6 +4898,9 @@ CVE-2021-45453 RESERVED CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...) - python-django 2:3.2.11-1 (bug #1003113) + [bullseye] - python-django <postponed> (Minor issue; fix in next update) + [buster] - python-django <postponed> (Minor issue; fix in next update) + [stretch] - python-django <postponed> (Minor issue; fix in next update) NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11) NOTE: https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1 (2.2.26) 
@@ -5883,11 +5886,17 @@ CVE-2021-45117 RESERVED CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...) - python-django 2:3.2.11-1 (bug #1003113) + [bullseye] - python-django <postponed> (Minor issue; fix in next update) + [buster] - python-django <postponed> (Minor issue; fix in next update) + [stretch] - python-django <postponed> (Minor issue; fix in next update) NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11) NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26) CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...) - python-django 2:3.2.11-1 (bug #1003113) + [bullseye] - python-django <postponed> (Minor issue; fix in next update) + [buster] - python-django <postponed> (Minor issue; fix in next update) + [stretch] - python-django <postponed> (Minor issue; fix in next update) NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11) NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26) diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 90ac0127f4..4163acc753 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -99,8 +99,6 @@ pillow pjproject NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu) -- -python-django (Chris Lamb) --- qt4-x11 NOTE: 20220112: 2 SVG CVEs (CVE-2021-45930,CVE-2021-34812) to fix in both qtsvg-opensource-src and qt4-x11 (Beuc) -- |
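Review bot: In the data/CVE/list hunk at @@ -4898 (CVE-2021-45452), the three added <postponed> lines give bullseye, buster and stretch the same reason, while the NOTE lines under them point only at the upstream commits for 3.2.11 and 2.2.26. Nothing in the entry says which of those commits applies to each suite, so whoever prepares the "next update" has to redo that analysis. Consider a NOTE recording which fix is expected to be backported per suite, or that this is still to be determined.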
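Review bot: In the data/CVE/list hunk at @@ -5883, CVE-2021-45116 and CVE-2021-45115 both get "Minor issue; fix in next update" for all three suites, but the reasoning from the security team consultation mentioned in the commit message is not recorded in either entry. A one-line NOTE per CVE stating why it is considered minor would let a later reader check the postponement from the tracker data alone, without going back to the commit log.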
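Review bot: The data/dla-needed.txt hunk at @@ -99 removes the python-django (Chris Lamb) entry together with its claim, so after this commit the <postponed> lines added in data/CVE/list are the only place these three CVEs stay tracked. Confirm that no other open python-django issue still needs the dla-needed.txt entry, and that the postponed items will be picked up when the next python-django update is prepared.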