[Git][security-tracker-team/security-tracker][master] 2 commits: Add bug number for recent Django CVEs.

Chris Lamb lamby at debian.org
Tue Aug 6 10:15:49 BST 2019



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37046140 by Chris Lamb at 2019-08-06T09:15:26Z
Add bug number for recent Django CVEs.

- - - - -
684829d7 by Chris Lamb at 2019-08-06T09:15:27Z
python-django in jessie LTS is not vulnerable to CVE-2019-14235.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1741,23 +1741,24 @@ CVE-2019-14237
 CVE-2019-14236
 	RESERVED
 CVE-2019-14235 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
-	- python-django <unfixed>
+	- python-django <unfixed> (bug #934026)
+	[jessie] - python-django <not-affected> (Vulnerable code not present)
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534 (2.2.x)
 	NOTE: https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79 (1.11.x)
 CVE-2019-14234 [SQL injection possibility in key and index lookups for JSONField/HStoreField]
 	RESERVED
-	- python-django <unfixed>
+	- python-django <unfixed> (bug #934026)
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387 (2.2.x)
 	NOTE: https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef (1.11.x)
 CVE-2019-14233 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
-	- python-django <unfixed>
+	- python-django <unfixed> (bug #934026)
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7 (2.2.x)
 	NOTE: https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72 (1.11.x)
 CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
-	- python-django <unfixed>
+	- python-django <unfixed> (bug #934026)
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f (2.2.x)
 	NOTE: https://github.com/django/django/commit/42a66e969023c00536256469f0e8b8a099ef109d (1.11.x)
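
Review bot: the `[jessie] - python-django <not-affected> (Vulnerable code not present)` line added under CVE-2019-14235 records the conclusion but not its basis. Consider adding a NOTE line under that entry that names the function or file missing from the jessie version, or the upstream commit or release that introduced it, so the not-affected status can be re-verified later. The entries for CVE-2019-14234, CVE-2019-14233 and CVE-2019-14232 receive only `(bug #934026)` and no `[jessie]` line, so it is worth stating whether jessie triage for those three is still pending or whether they are affected.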



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b1ecf63ba6e52a6aea4f87cf07239ce8820b11a0...684829d7190a15e1f467e7955135fd09df01bef4
