[Git][security-tracker-team/security-tracker][master] Add new python-django issues

Wed Jul 10 10:24:30 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2684ebf5 by Salvatore Bonaccorso at 2024-07-10T11:13:21+02:00
Add new python-django issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,11 +35,17 @@ CVE-2024-39881 (Delta Electronics CNCSoft-G2 lacks proper validation of user-sup
 CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of  ...)
 	TODO: check
 CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
-	TODO: check
+	- python-django <unfixed> (bug #1076069)
+	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
+	NOTE: https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3 (4.2.14)
 CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
-	TODO: check
+	- python-django <unfixed> (bug #1076069)
+	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
+	NOTE: https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e (4.2.14)
 CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
-	TODO: check
+	- python-django <unfixed> (bug #1076069)
+	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
+	NOTE: https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14 (4.2.14)
 CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...)
 	TODO: check
 CVE-2024-39072 (AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnera ...)
@@ -55,7 +61,9 @@ CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) v
 CVE-2024-38959 (Cross Site Scripting vulnerability in Creativeitem Academy LMS Learnin ...)
 	TODO: check
 CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0 ...)
-	TODO: check
+	- python-django <unfixed> (bug #1076069)
+	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
+	NOTE: https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5 (4.2.14)
 CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, contains an  ...)
 	TODO: check
 CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2684ebf54c358067ee4e861f9381d6947b4341d3

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2684ebf54c358067ee4e861f9381d6947b4341d3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240710/04164a6d/attachment.htm>
