[Git][security-tracker-team/security-tracker][master] Add two new python-django issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5136813 by Salvatore Bonaccorso at 2025-12-02T20:41:46+01:00
Add two new python-django issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2025-64460 [Potential denial-of-service vulnerability in XML serializer text extraction]
+	- python-django <unfixed> (bug #1121788)
+	NOTE: https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
+	NOTE: Fixed by: https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0 (4.2.27)
+CVE-2025-13372 [Potential SQL injection in FilteredRelation column aliases on PostgreSQL]
+	- python-django <unfixed> (bug #1121788)
+	NOTE: https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
+	NOTE: Fixed by: https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d (4.2.27)
 CVE-2025-66448 (vLLM is an inference and serving engine for large language models (LLM ...)
 	- vllm <itp> (bug #1095237)
 CVE-2025-66415 (fastify-reply-from is a Fastify plugin to forward the current HTTP req ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5136813c9545e198a0eca27520b029b7bef3979

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5136813c9545e198a0eca27520b029b7bef3979
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251202/fa7f5894/attachment.htm>