[Git][security-tracker-team/security-tracker][master] Django DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Aug 3 21:43:10 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e065ac2b by Moritz Mühlenhoff at 2023-08-03T22:42:51+02:00
Django DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10889,6 +10889,7 @@ CVE-2023-31048
 CVE-2023-31047 (In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ...)
 	{DLA-3415-1}
 	- python-django 3:3.2.19-1 (bug #1035467)
+	[bullseye] - python-django 2:2.2.28-1~deb11u2
 	NOTE: https://www.djangoproject.com/weblog/2023/may/03/security-releases/
 	NOTE: https://github.com/django/django/commit/fb4c55d9ec4bb812a7fb91fa20510d91645e411b (main)
 	NOTE: https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965 (3.2.19)
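Review bot: the added `[bullseye] - python-django 2:2.2.28-1~deb11u2` line under CVE-2023-31047 records a fix in a 2.2-based package, but the NOTE lines in this entry only point at the upstream commits for main and 3.2.19. Consider adding a NOTE that identifies the patch backported to the bullseye package, so the fixed status of the 2.2 branch can be checked against something concrete rather than taken from the version string alone.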
@@ -30616,6 +30617,7 @@ CVE-2023-0526 (The Post Shortcode WordPress plugin through 2.0.9 does not valida
 CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Django 3.2  ...)
 	{DLA-3329-1}
 	- python-django 3:3.2.18-1 (bug #1031290)
+	[bullseye] - python-django 2:2.2.28-1~deb11u2
 	NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
 	NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18)
 CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to trick a v ...)
@@ -32414,6 +32416,7 @@ CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart
 CVE-2023-23969 (In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, t ...)
 	{DLA-3306-1}
 	- python-django 3:3.2.17-1 (bug #1030251)
+	[bullseye] - python-django 2:2.2.28-1~deb11u2
 	NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/4
 	NOTE: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a (3.2.17)
 CVE-2023-23968
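Review bot: the commit message "Django DSA" does not mention that the `[bullseye]` line added under CVE-2023-23969, like the ones under CVE-2023-31047 and CVE-2023-24580 in the hunks above, marks an older CVE as fixed in bullseye. A second line in the message saying that 2:2.2.28-1~deb11u2 also fixes these three CVEs would make this part of the change easier to find in the history.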


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[03 Aug 2023] DSA-5465-1 python-django - security update
+	{CVE-2023-36053}
+	[bullseye] - python-django 2:2.2.28-1~deb11u2
+	[bookworm] - python-django 3:3.2.19-1+deb12u1
 [03 Aug 2023] DSA-5464-1 firefox-esr - security update
 	{CVE-2023-4045 CVE-2023-4046 CVE-2023-4047 CVE-2023-4048 CVE-2023-4049 CVE-2023-4050 CVE-2023-4055 CVE-2023-4056}
 	[bullseye] - firefox-esr 102.14.0esr-1~deb11u1
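Review bot: the CVE set on the new DSA-5465-1 entry is `{CVE-2023-36053}` only, while this same commit records the bullseye version 2:2.2.28-1~deb11u2 as the fix for CVE-2023-31047, CVE-2023-24580 and CVE-2023-23969 in data/CVE/list. If those three are left out on purpose because the advisory does not name them, the entry is fine as is; otherwise add them to the set so the DSA entry and the CVE entries agree.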


=====================================
data/dsa-needed.txt
=====================================
@@ -60,8 +60,6 @@ php-horde-turba/oldstable
 --
 py7zr/oldstable
 --
-python-django (jmm)
---
 python-glance-store/oldstable
 --
 python-os-brick/oldstable
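Review bot: removing the `python-django (jmm)` entry outright, rather than narrowing it to one suite, is only correct if both suites are finished. The entry had no suite suffix, unlike the neighbouring `/oldstable` entries, and the DSA-5465-1 entry in data/DSA/list does cover both bullseye and bookworm, so this looks consistent; confirm that nothing else is still pending for python-django in either suite.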



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e065ac2bb8b92d7b847e7568c5dffde4ec89337d
