[Git][security-tracker-team/security-tracker][master] Triage three recent Django CVEs after consulting the security team.
Chris Lamb (@lamby)
lamby at debian.org
Wed Jan 12 09:58:20 GMT 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
09807490 by Chris Lamb at 2022-01-12T09:57:56+00:00
Triage three recent Django CVEs after consulting the security team.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4898,6 +4898,9 @@ CVE-2021-45453
RESERVED
CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
- python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11)
NOTE: https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1 (2.2.26)
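Review bot: The three added `<postponed>` lines for CVE-2021-45452 give only "Minor issue; fix in next update" as the reason, and the consultation with the security team mentioned in the commit message is not recorded in the entry. Consider adding a NOTE line under this CVE that states why it is minor for these suites, so the decision can be audited from data/CVE/list alone.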
@@ -5883,11 +5886,17 @@ CVE-2021-45117
RESERVED
CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
- python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11)
NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26)
CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
- python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11)
NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26)
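Review bot: For CVE-2021-45116 and CVE-2021-45115 the added bullseye, buster and stretch lines treat every suite as affected, but the NOTE lines in this hunk reference upstream fixes for the 3.2.11 and 2.2.26 releases only. It would help to record that the vulnerable code was checked in each suite's python-django, and to use `<not-affected>` with a reason instead of `<postponed>` for any suite where it is absent.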
=====================================
data/dla-needed.txt
=====================================
@@ -99,8 +99,6 @@ pillow
pjproject
NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
--
-python-django (Chris Lamb)
---
qt4-x11
NOTE: 20220112: 2 SVG CVEs (CVE-2021-45930,CVE-2021-34812) to fix in both qtsvg-opensource-src and qt4-x11 (Beuc)
--
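Review bot: Removing `python-django (Chris Lamb)` drops the package's entry from data/dla-needed.txt in the same commit that tags three CVEs as `<postponed>` with "fix in next update". After this change nothing in this file signals that an update is still owed, so please confirm that the `<postponed>` tags in data/CVE/list are enough to bring these CVEs back up when the next python-django update is prepared.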
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09807490bc5924c02b11adb4f85ed9467f50efcf