[Git][security-tracker-team/security-tracker][master] Add CVE-2020-7471/python-django

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75e7f6bd by Salvatore Bonaccorso at 2020-02-03T15:53:46+01:00
Add CVE-2020-7471/python-django

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2321,8 +2321,14 @@ CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a h
 	[buster] - libsolv <no-dsa> (Minor issue)
 	[stretch] - libsolv <no-dsa> (Minor issue)
 	NOTE: https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)
-CVE-2020-7471
-	RESERVED
+CVE-2020-7471 [Potential SQL injection via StringAgg(delimiter)]
+	RESERVED
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
+	NOTE: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 (master)
+	NOTE: https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b (3.0.3)
+	NOTE: https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147 (2.2.10)
+	NOTE: https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd (1.11.28)
 CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the  ...)
 	NOT-FOR-US: Sonoff TH 10 and 16 devices
 CVE-2020-7469



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75e7f6bd0c25f2dcda17a93622e7fd293e98d8d5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/75e7f6bd0c25f2dcda17a93622e7fd293e98d8d5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200203/b62fcedf/attachment.html>