[Git][security-tracker-team/security-tracker][master] Add new python-django issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 7 17:00:09 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1909a251 by Salvatore Bonaccorso at 2026-04-07T17:58:59+02:00
Add new python-django issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,18 @@
+CVE-2026-33034 [Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass]
+ - python-django <unfixed> (bug #1132927)
+ NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
+CVE-2026-33033 [Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload]
+ - python-django <unfixed> (bug #1132927)
+ NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
+CVE-2026-4292 [Privilege abuse in ModelAdmin.list_editable]
+ - python-django <unfixed> (bug #1132927)
+ NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
+CVE-2026-4277 [Privilege abuse in GenericInlineModelAdmin]
+ - python-django <unfixed> (bug #1132927)
+ NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
+CVE-2026-3902 [ASGI header spoofing via underscore/hyphen conflation]
+ - python-django <unfixed> (bug #1132927)
+ NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
CVE-2026-5719 (A flaw has been found in itsourcecode Construction Management System 1 ...)
NOT-FOR-US: itsourcecode System
CVE-2026-5709 (Unsanitized input in the FileBrowser API in AWS Research and Engineeri ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1909a2519db6764d0c18e154fb1e86826665ee5a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1909a2519db6764d0c18e154fb1e86826665ee5a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260407/03a17ac7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list