[Git][security-tracker-team/security-tracker][master] Reference upstream commits for CVE-2022-2834{6,7}/python-django
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 11 12:20:56 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0cdf35f by Salvatore Bonaccorso at 2022-04-11T13:20:13+02:00
Reference upstream commits for CVE-2022-2834{6,7}/python-django
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1609,10 +1609,18 @@ CVE-2022-28347 [Potential SQL injection via QuerySet.explain(**options) on Postg
RESERVED
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
+ NOTE: https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81 (main)
+ NOTE: https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402 (4.0.4)
+ NOTE: https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d (3.2.13)
+ NOTE: https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5 (2.2.28)
CVE-2022-28346 [Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()]
RESERVED
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
+ NOTE: https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200 (main)
+ NOTE: https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60 (4.0.4)
+ NOTE: https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48 (3.2.13)
+ NOTE: https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d (2.2.28)
CVE-2022-28345
RESERVED
CVE-2022-28344
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0cdf35f9b00ffac1e2dfe0442f0e4696030f34e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0cdf35f9b00ffac1e2dfe0442f0e4696030f34e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220411/7ae83f66/attachment.htm>
More information about the debian-security-tracker-commits
mailing list