[Git][security-tracker-team/security-tracker][master] Te-triage CVE-2024-38875, CVE-2024-41990 and CVE-2024-45230 in python-django for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Thu Jan 22 22:07:56 GMT 2026
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7cc998a by Chris Lamb at 2026-01-22T14:07:30-08:00
Te-triage CVE-2024-38875, CVE-2024-41990 and CVE-2024-45230 in python-django for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -166015,6 +166015,7 @@ CVE-2024-45230 (An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5
[bullseye] - python-django <ignored> (Minor issue; invasive to backport)
NOTE: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
NOTE: https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2 (4.2.16)
+ NOTE: Patch overlapping with fix for CVE-2024-38875 & CVE-2024-41990.
CVE-2024-45506 (HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1 ...)
- haproxy 2.9.10-1
[bookworm] - haproxy <not-affected> (Only exploitable with zero-copy-forward)
@@ -172667,6 +172668,7 @@ CVE-2024-41990 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 befor
[bullseye] - python-django <ignored> (Minor issue; intrusive to backport)
NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
NOTE: https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88/ (4.2.15)
+ NOTE: Patch overlapping with fix for CVE-2024-38875 & CVE-2024-45230.
CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
- python-django 3:4.2.15-1 (bug #1078074)
[bookworm] - python-django <no-dsa> (Minor issue)
@@ -179306,9 +179308,10 @@ CVE-2024-38959 (Cross Site Scripting vulnerability in Creativeitem Academy LMS L
CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0 ...)
- python-django 3:4.2.14-1 (bug #1076069)
[bookworm] - python-django <no-dsa> (Minor issue; intrusive to backport)
- [bullseye] - python-django <postponed> (Minor issue; revisit after bookworm fix, if it is possible)
+ [bullseye] - python-django <ignored> (Minor issue; intrusive to backport)
NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE: https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5 (4.2.14)
+ NOTE: Patch overlapping with fix for CVE-2024-41990 & CVE-2024-45230.
CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, contains an ...)
NOT-FOR-US: Dell Alienware Command Center
CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7cc998a58a73bed84822eaeb737ac19d00595f0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7cc998a58a73bed84822eaeb737ac19d00595f0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260122/6c3eec00/attachment.htm>
More information about the debian-security-tracker-commits
mailing list