[Git][security-tracker-team/security-tracker][master] Reserve DLA-3744-1 for python-django

[Chris Lamb (@lamby)]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d599100 by Chris Lamb at 2024-02-29T15:17:14+00:00
Reserve DLA-3744-1 for python-django

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -194168,7 +194168,6 @@ CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secu
 CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4,  ...)
 	{DLA-2676-1}
 	- python-django 2:2.2.24-1 (bug #989394)
-	[buster] - python-django <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
 	NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main)
 	NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24)
@@ -195118,7 +195117,6 @@ CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.
 CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a  ...)
 	{DLA-2676-1}
 	- python-django 2:2.2.24-1 (bug #989394)
-	[buster] - python-django <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
 	NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main)
 	NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24)
@@ -199678,7 +199676,6 @@ CVE-2021-31543
 CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...)
 	{DLA-2651-1}
 	- python-django 2:2.2.21-1 (bug #988053)
-	[buster] - python-django <no-dsa> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/
 	NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main)
 	NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21)
@@ -207407,7 +207404,6 @@ CVE-2021-28659
 CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,  ...)
 	{DLA-2622-1}
 	- python-django 2:2.2.20-1 (bug #986447)
-	[buster] - python-django <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
 	NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main)
 	NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Feb 2024] DLA-3744-1 python-django - security update
+	{CVE-2021-28658 CVE-2021-31542 CVE-2021-33203 CVE-2021-33571}
+	[buster] - python-django 1:1.11.29-1+deb10u11
 [27 Feb 2024] DLA-3743-1 wpa - security update
 	{CVE-2023-52160}
 	[buster] - wpa 2:2.7+git20190128+0c1e29f-6+deb10u4


=====================================
data/dla-needed.txt
=====================================
@@ -212,12 +212,6 @@ python-asyncssh
   NOTE: 20240116: Added by Front-Desk (lamby)
   NOTE: 20240131: Patch for CVE-2023-46445 and CVE-2023-46446 backported and in Git, but one test is failing. Waiting for feedback before release. (dleidert)
 --
-python-django (Chris Lamb)
-  NOTE: 20231006: Added by Front-Desk (Beuc)
-  NOTE: 20231006: Fix the 4 no-dsa issues that are fixed in all other dists (Beuc/front-desk)
-  NOTE: 20231020: ^ CVE-2021-28658, CVE-2021-31542, CVE-2021-33203 & CVE-2021-33571. (lamby)
-  NOTE: 20231020: Also now vulnerable to CVE-2023-43665. (lamby)
---
 python-glance-store
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d599100d6794a9d239120cf36caad0b97d66f5e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d599100d6794a9d239120cf36caad0b97d66f5e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240229/7c40326d/attachment-0001.htm>