[Git][security-tracker-team/security-tracker][master] Reference upstream commit for django issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 7 17:02:34 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4974c57 by Salvatore Bonaccorso at 2026-04-07T18:02:04+02:00
Reference upstream commit for django issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,18 +1,23 @@
 CVE-2026-33034 [Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass]
 	- python-django <unfixed> (bug #1132927)
 	NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
+	NOTE: Fixed by: https://github.com/django/django/commit/ed4dfda62718a0bb644b80ac8b1d3099861f2295 (4.2.30)
 CVE-2026-33033 [Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload]
 	- python-django <unfixed> (bug #1132927)
 	NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
+	NOTE: Fixed by: https://github.com/django/django/commit/f13c20f81b56108ac477213fa5ada2524b5e5c98 (4.2.30)
 CVE-2026-4292 [Privilege abuse in ModelAdmin.list_editable]
 	- python-django <unfixed> (bug #1132927)
 	NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
+	NOTE: Fixed by: https://github.com/django/django/commit/abfe1a1c57a57cfaf6dd4a0571c029401a0fe743 (4.2.30)
 CVE-2026-4277 [Privilege abuse in GenericInlineModelAdmin]
 	- python-django <unfixed> (bug #1132927)
 	NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
+	NOTE: Fixed by: https://github.com/django/django/commit/051f3909e820360bbe84a21350e82f4961e3d917 (4.2.30)
 CVE-2026-3902 [ASGI header spoofing via underscore/hyphen conflation]
 	- python-django <unfixed> (bug #1132927)
 	NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
+	NOTE: Fixed by: https://github.com/django/django/commit/4412731aa64d62a6dd7edae79e0c15b72666d7ca (4.2.30)
 CVE-2026-5719 (A flaw has been found in itsourcecode Construction Management System 1 ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2026-5709 (Unsanitized input in the FileBrowser API in AWS Research and Engineeri ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4974c572566b0a1247a001675129a682ff816f1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4974c572566b0a1247a001675129a682ff816f1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260407/9a7d68b8/attachment.htm>

More information about the debian-security-tracker-commits mailing list