[Git][security-tracker-team/security-tracker][master] Triage CVE-2024-53908 in python-django for bookworm.
Chris Lamb (@lamby)
lamby at debian.org
Fri Feb 27 17:15:49 GMT 2026
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3c5e38b by Chris Lamb at 2026-02-27T09:13:50-08:00
Triage CVE-2024-53908 in python-django for bookworm.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -155694,8 +155694,8 @@ CVE-2024-10567 (The TI WooCommerce Wishlist plugin for WordPress is vulnerable t
NOT-FOR-US: WordPress plugin
CVE-2024-53908 (An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...)
- python-django 3:4.2.17-1
- [bookworm] - python-django <postponed> (Minor issue, fix along in future DSA)
- [bullseye] - python-django <not-affected> (Vulnerable code introduce later)
+ [bookworm] - python-django <not-affected> (Passing class instances to .filter() not supported yet)
+ [bullseye] - python-django <not-affected> (Passing class instances to .filter() not supported yet)
NOTE: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/7376bcbf508883282ffcc0f0fac5cf0ed2d6cbc5 (4.2.17)
CVE-2024-53907 (An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3c5e38b18a437f88d848cc557008407c26a8e6a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3c5e38b18a437f88d848cc557008407c26a8e6a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260227/fa6f7452/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list