[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-64458/python-django: bullseye not-affected

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Thu Nov 6 12:57:17 GMT 2025



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f79773cf by Sylvain Beucler at 2025-11-06T13:53:02+01:00
CVE-2025-64458/python-django: bullseye not-affected

- - - - -
9092fac7 by Sylvain Beucler at 2025-11-06T13:56:47+01:00
dla: add python-django

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -78,6 +78,7 @@ CVE-2025-64459 (An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26,
 	NOTE: https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4 (4.2.26)
 CVE-2025-64458 (An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5 ...)
 	- python-django 3:4.2.26-1 (bug #1120139)
+	[bullseye] - python-django <not-affected> (Windows-only issue)
 	NOTE: https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
 	NOTE: https://github.com/django/django/commit/c880530ddd4fabd5939bab0e148bebe36699432a (main)
 	NOTE: https://github.com/django/django/commit/770eea38d7a0e9ba9455140b5a9a9e33618226a7 (4.2.26)
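Review bot: The `(Windows-only issue)` reason on the added `[bullseye]` line describes a platform restriction rather than anything specific to the bullseye version, yet only bullseye is tagged while the unstable line above still records a fixed version (`3:4.2.26-1`, bug #1120139). If the reason holds, a short NOTE saying why the other suites are not annotated the same way (for example, that they simply pick up the fix through the 4.2.26 upload) would keep the per-suite status from reading as inconsistent. The truncated description in the context line does not mention Windows, so it would also help to state in that NOTE where the platform restriction is documented, so the triage can be checked from this entry alone.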


=====================================
data/dla-needed.txt
=====================================
@@ -292,6 +292,12 @@ php-laravel-framework
   NOTE: 20251027: tests is required to prevent regressions, but I could not get the upstream
   NOTE: 20251027: test suite to work. It is not exercised as part of Debian packages build. (paride)
 --
+python-django
+  NOTE: 20251106: Added by Front-Desk (Beuc)
+  NOTE: 20251106: Lots of postponed vulnerabilities triaged for the next update.
+  NOTE: 20251106: Also, time to finalize the SPU? (Beuc/front-desk)
+  NOTE: 20251106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079454
+--
 pytorch (dleidert)
   NOTE: 20250422: Added by Front-Desk (rouca)
   NOTE: 20250422: CVE-2025-32434 RCE need to be fixed. DoS may be postponed (rouca/FD)
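Review bot: The new `python-django` entry says "Lots of postponed vulnerabilities triaged for the next update" without naming any of them, whereas the neighbouring `pytorch` entry identifies the CVE that drives the work (CVE-2025-32434). Listing the CVE ids, or at least the ones that motivated adding the package now, would let whoever claims it scope the update without re-deriving the list from the tracker. The last added NOTE is a bare bug URL with no label; saying what bug #1079454 tracks (it follows the SPU question, so presumably that) would make the entry self-explanatory.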



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6dcc010dff24c344f1aac334b4bf484237f65cb9...9092fac7d49f34575f956bd9e2374aa8c9e80156
