[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2025-13372 in python-django for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Mon Dec 29 21:49:40 GMT 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b56971ea by Chris Lamb at 2025-12-29T13:44:52-08:00
Triage CVE-2025-13372 in python-django for bullseye LTS.
- - - - -
ca274535 by Chris Lamb at 2025-12-29T13:49:30-08:00
Reserve DLA-4425-1 for python-django
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -12210,6 +12210,7 @@ CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15,
NOTE: Fixed by: https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0 (4.2.27)
CVE-2025-13372 (An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...)
- python-django 3:4.2.27-1 (bug #1121788)
+ [bullseye] - python-django <not-affected> (.alias() functionality added later)
NOTE: https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d (4.2.27)
CVE-2025-66448 (vLLM is an inference and serving engine for large language models (LLM ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Dec 2025] DLA-4425-1 python-django - security update
+ {CVE-2025-64459 CVE-2025-64460}
+ [bullseye] - python-django 2:2.2.28-1~deb11u10
[29 Dec 2025] DLA-4424-1 openjpeg2 - security update
{CVE-2025-50952}
[bullseye] - openjpeg2 2.4.0-3+deb11u2
=====================================
data/dla-needed.txt
=====================================
@@ -356,6 +356,7 @@ python-django (Chris Lamb)
NOTE: 20251106: Also, time to finalize the SPU? (Beuc/front-desk)
NOTE: 20251106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079454
NOTE: 20251212: Working on postponed CVEs. (lamby)
+ NOTE: 20251229: DLA-4425-1 released, now looking at SPU. (lamby)
--
python-tornado (dleidert)
NOTE: 20251214: Added by Front-Desk (dleidert)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d5a75c6e5ac77287205ff8c7f23d16b917951de1...ca274535347ba1212c0d783c6cf64d8b2f8d031d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d5a75c6e5ac77287205ff8c7f23d16b917951de1...ca274535347ba1212c0d783c6cf64d8b2f8d031d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251229/9287b8bc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list