[Git][security-tracker-team/security-tracker][master] Reserve DLA-3024-1 for python-django

Chris Lamb (@lamby) lamby at debian.org
Thu May 26 11:48:27 BST 2022



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2aeb4d92 by Chris Lamb at 2022-05-26T11:47:59+01:00
Reserve DLA-3024-1 for python-django

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -157927,7 +157927,6 @@ CVE-2020-9403 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are
 CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...)
 	- python-django 2:2.2.11-1 (low; bug #953102)
 	[buster] - python-django 1:1.11.29-1~deb10u1
-	[stretch] - python-django <postponed> (Can be fixed along in a future DSA)
 	[jessie] - python-django <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/03/04/1
 	NOTE: Introduced by: https://github.com/django/django/commit/fcf494b48fea7c0c55ea29721ba0b2d250351ff8
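Review bot: With the `[stretch] - python-django <postponed>` line removed, the CVE-2020-9402 entry keeps per-release lines for buster and jessie but none for stretch, so the stretch status now rests on the DLA-3024-1 entry in data/DLA/list alone. It is worth confirming that the fixed version 1:1.10.7-2+deb9u17 ends up recorded for stretch against this CVE, so the entry does not read as if stretch was never triaged.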


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 May 2022] DLA-3024-1 python-django - security update
+	{CVE-2020-9402}
+	[stretch] - python-django 1:1.10.7-2+deb9u17
 [26 May 2022] DLA-3023-1 puma - security update
 	{CVE-2019-16770 CVE-2020-5247 CVE-2022-23634}
 	[stretch] - puma 3.6.0-1+deb9u2
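Review bot: The fixed version in the new DLA-3024-1 entry, 1:1.10.7-2+deb9u17, is a 1.10 series package, while the CVE-2020-9402 description in data/CVE/list names Django 1.11, 2.2 and 3.0, and the jessie line there reads "Vulnerable code introduced later". A short NOTE in the CVE entry stating that the code from the "Introduced by" commit is present in the stretch 1.10.7 source would make the affected status easier to audit.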



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2aeb4d9250242cf1408ecb0ddb013976b7f88cf3
