[Git][security-tracker-team/security-tracker][master] Add initial tracking for python-django issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 3 17:41:37 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f86365f7 by Salvatore Bonaccorso at 2026-02-03T18:41:03+01:00
Add initial tracking for python-django issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2026-1312 [Potential SQL injection via QuerySet.order_by and FilteredRelation]
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
+CVE-2026-1287 [Potential SQL injection in column aliases via control characters]
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
+CVE-2026-1285 [Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods]
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
+CVE-2026-1207 [Potential SQL injection via raster lookups on PostGIS]
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
+CVE-2025-14550 [Potential denial-of-service vulnerability via repeated headers when using ASGI]
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
+CVE-2025-13473 [Username enumeration through timing difference in mod_wsgi authentication handler]
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
 CVE-2026-25228 (Signal K Server is a server application that runs on a central hub in  ...)
 	NOT-FOR-US: Signal K Server
 CVE-2026-25222 (PolarLearn is a free and open-source learning program. In 0-PRERELEASE ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f86365f7eb20d6057b2eaaf661b13722dd282299

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f86365f7eb20d6057b2eaaf661b13722dd282299
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260203/df66648d/attachment.htm>

More information about the debian-security-tracker-commits mailing list