[Git][security-tracker-team/security-tracker][master] Add two new python-django issues

Wed Dec 4 18:20:14 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ceec572 by Salvatore Bonaccorso at 2024-12-04T19:19:49+01:00
Add two new python-django issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2024-53908 [Potential SQL injection in HasKey(lhs, rhs) on Oracle]
+	- python-django 3:4.2.17-1
+	NOTE: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
+	NOTE: Fixed by: https://github.com/django/django/commit/7376bcbf508883282ffcc0f0fac5cf0ed2d6cbc5 (4.2.17)
+CVE-2024-53907 [Potential denial-of-service in django.utils.html.strip_tags()]
+	- python-django 3:4.2.17-1
+	NOTE: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
+	NOTE: Fixed by: https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b (4.2.17)
 CVE-2024-53140 [netlink: terminate outstanding dump on socket close]
 	- linux 6.11.10-1
 	[bookworm] - linux 6.1.119-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ceec5721fa139795ccdd9accf5e907992bdf942

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ceec5721fa139795ccdd9accf5e907992bdf942
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241204/1b1ee36b/attachment.htm>
