[Git][security-tracker-team/security-tracker][master] Reserve DLA-4210-1 for python-django
Chris Lamb (@lamby)
lamby at debian.org
Fri Jun 6 00:01:37 BST 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2427ce2a by Chris Lamb at 2025-06-05T15:58:59-07:00
Reserve DLA-4210-1 for python-django
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -137797,7 +137797,6 @@ CVE-2024-2002 (A double-free vulnerability was found in libdwarf. In a multiply-
CVE-2024-27351 (In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, ...)
- python-django 3:4.2.11-1
[bookworm] - python-django <postponed> (Minor issue, fix along in future update)
- [bullseye] - python-django <postponed> (Minor issue, fix along in future update)
[buster] - python-django <no-dsa> (Minor issue)
NOTE: https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
NOTE: https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e (5.0.3)
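Review bot: the NOTE lines for CVE-2024-27351 cite only the 5.0.3 upstream commit (3394fc6132436eca89e997083bae9985fb7e761e), while the bullseye fix being reserved here lands in 2:2.2.28-1~deb11u7, a 2.2-series package; a NOTE pointing at the 2.2 backport (patch or commit) would let someone later audit why the `[bullseye] - python-django <postponed>` line was dropped. The bookworm `<postponed>` line is correctly left alone, since this DLA covers bullseye only.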
@@ -144844,7 +144843,6 @@ CVE-2024-1283 (Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167
CVE-2024-24680 (An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10 ...)
- python-django 3:4.2.10-1
[bookworm] - python-django <postponed> (Minor issue, fix along in future update)
- [bullseye] - python-django <postponed> (Minor issue, fix along in future update)
[buster] - python-django <postponed> (Minor issue, fix along in future update)
NOTE: https://www.openwall.com/lists/oss-security/2024/02/06/2
NOTE: https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
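Review bot: the buster line kept here, `[buster] - python-django <postponed> (Minor issue, fix along in future update)`, differs from the `<no-dsa> (Minor issue)` buster marker the same commit leaves in place for CVE-2024-27351; that is outside the scope of a bullseye-only DLA, but if the buster markers for this batch are meant to be uniform, align them in a follow-up commit.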
@@ -168833,7 +168831,6 @@ CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource does not vali
CVE-2023-43665 (In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, ...)
- python-django 3:4.2.6-1 (bug #1053475)
[bookworm] - python-django <postponed> (Minor issue, fix along in future update)
- [bullseye] - python-django <postponed> (Minor issue, fix along in future update)
[buster] - python-django <postponed> (Minor issue, fix along in future update)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/04/6
NOTE: https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
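Review bot: unlike the CVE-2024-27351 and CVE-2023-41164 entries, CVE-2023-43665 has no NOTE naming the upstream fix commit, only the oss-security post and the release blog; adding the commit reference would record which upstream change was backported into the 2.2.28-based bullseye package. The `(bug #1053475)` annotation on the unstable line is unaffected by dropping the bullseye marker.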
@@ -172582,7 +172579,6 @@ CVE-2023-41164 (In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4
{DLA-3558-1}
- python-django 3:3.2.21-1 (bug #1051226)
[bookworm] - python-django <postponed> (Minor issue, fix along in future update)
- [bullseye] - python-django <postponed> (Minor issue, fix along in future update)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
NOTE: https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
NOTE: https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce (main)
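Review bot: CVE-2023-41164 already carries a `{DLA-3558-1}` cross-reference line, yet none of the four entries touched by this commit gain a `{DLA-4210-1}` line; if that reference is not inserted automatically by the tooling that publishes the advisory, add it so that data/CVE/list and data/DLA/list stay linked for all four CVEs. Removing the bullseye `<postponed>` line itself is right, since the data/DLA/list entry now supplies the fixed version.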
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[05 Jun 2025] DLA-4210-1 python-django - security update
+ {CVE-2023-41164 CVE-2023-43665 CVE-2024-24680 CVE-2024-27351 CVE-2025-32873 CVE-2025-48432}
+ [bullseye] - python-django 2:2.2.28-1~deb11u7
[05 Jun 2025] DLA-4209-1 libfile-find-rule-perl - security update
{CVE-2011-10007}
[bullseye] - libfile-find-rule-perl 0.34-1+deb11u1
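Review bot: the new DLA-4210-1 entry lists six CVEs, but the data/CVE/list hunks in this commit remove bullseye markers only for CVE-2023-41164, CVE-2023-43665, CVE-2024-24680 and CVE-2024-27351; confirm that CVE-2025-32873 and CVE-2025-48432 have no leftover `[bullseye] - python-django <postponed>` or `<no-dsa>` line that would contradict the fixed version 2:2.2.28-1~deb11u7. Also, the CVE descriptions quoted above give affected ranges starting at Django 3.2, so the advisory text should make clear these are backports to the 2.2.28 branch rather than an upstream version bump.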
=====================================
data/dla-needed.txt
=====================================
@@ -288,11 +288,6 @@ php-horde-css-parser
php-laravel-framework
NOTE: 20250307: Added by Front-Desk (rouca)
--
-python-django (Chris Lamb)
- NOTE: 20250507: Added by Front-Desk (Beuc)
- NOTE: 20250507: Added on request from lamby about CVE-2025-32873.
- NOTE: 20250507: Many postponed vulnerabilities to fix as well (Beuc/front-desk)
---
pytorch
NOTE: 20250422: Added by Front-Desk (rouca)
NOTE: 20250422: CVE-2025-32434 RCE need to be fixed. DoS may be postponed (rouca/FD)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2427ce2aebbab0bb29230cedb778de8d1d177002
--
You're receiving this email because of your account on salsa.debian.org.