[Git][security-tracker-team/security-tracker][master] Reserve DLA-4458-1 for python-django

Chris Lamb (@lamby) lamby at debian.org
Wed Jan 28 21:23:54 GMT 2026



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e534e98 by Chris Lamb at 2026-01-28T13:23:47-08:00
Reserve DLA-4458-1 for python-django

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -168225,7 +168225,6 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython.
 CVE-2024-45231 (An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The dja ...)
 	- python-django 3:4.2.16-1
 	[bookworm] - python-django <no-dsa> (Minor issue)
-	[bullseye] - python-django <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
 	NOTE: https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199 (4.2.16)
 CVE-2024-45230 (An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9,  ...)
@@ -174876,13 +174875,11 @@ CVE-2024-7518 (Select options could obscure the fullscreen notification dialog.
 CVE-2024-42005 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	[bookworm] - python-django <no-dsa> (Minor issue)
-	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28/ (4.2.15)
 CVE-2024-41991 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	[bookworm] - python-django <no-dsa> (Minor issue)
-	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/ (4.2.15)
 CVE-2024-41990 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
@@ -174895,7 +174892,6 @@ CVE-2024-41990 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 befor
 CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	[bookworm] - python-django <no-dsa> (Minor issue)
-	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b/ (4.2.15)
 CVE-2024-42062 (CloudStack account-users by default use username and password based au ...)
@@ -181498,20 +181494,17 @@ CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the leng
 CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.14-1 (bug #1076069)
 	[bookworm] - python-django <no-dsa> (Minor issue)
-	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
 	NOTE: https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3 (4.2.14)
 	NOTE: Relates to CVE-2023-23969 fix
 CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.14-1 (bug #1076069)
 	[bookworm] - python-django <no-dsa> (Minor issue)
-	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
 	NOTE: https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e (4.2.14)
 CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.14-1 (bug #1076069)
 	[bookworm] - python-django <no-dsa> (Minor issue)
-	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
 	NOTE: https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14 (4.2.14)
 CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...)
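Review bot: For CVE-2024-39614 the remaining NOTE says the fix "Relates to CVE-2023-23969 fix", and with the `[bullseye]` line removed in this hunk the bullseye status now comes only from the DLA entry. Please confirm that the 2.2.28 backport builds on the CVE-2023-23969 change. If the bullseye patches differ from the upstream 4.2.14 commits, add a NOTE saying so, since the NOTE lines left under these three CVEs point only at the 4.2.14 commits.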


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Jan 2026] DLA-4458-1 python-django - security update
+	{CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 CVE-2024-41989 CVE-2024-41991 CVE-2024-42005 CVE-2024-45231}
+	[bullseye] - python-django 2:2.2.28-1~deb11u11
 [26 Jan 2026] DLA-4457-1 openjdk-11 - security update
 	{CVE-2026-21925 CVE-2026-21932 CVE-2026-21933 CVE-2026-21945}
 	[bullseye] - openjdk-11 11.0.30+7-1~deb11u1
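Review bot: The CVE set on the new DLA-4458-1 entry leaves out CVE-2024-41990 and CVE-2024-45230, both of which appear in data/CVE/list directly beside the entries changed in this commit and whose descriptions refer to the same Django release series. Their bullseye lines are not visible in this diff, so please confirm they already carry a bullseye status (not-affected or fixed) rather than having been missed from this update. The seven CVEs that are listed do match the seven `<postponed>` lines removed from data/CVE/list.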


=====================================
data/dla-needed.txt
=====================================
@@ -353,6 +353,8 @@ python-django (Chris Lamb)
   NOTE: 20260126: trixie SPU filed as #1126461. (lamby)
   NOTE: 20260126: bullseye regression identified as CVE-2025-6069 in python3.9 3.9.2-1+deb11u4 (lamby)
   NOTE: 20260128: trixie uploaded. (lamby)
+  NOTE: 20260128: DLA-4458-1 released, fixing CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 CVE-2024-41989 CVE-2024-41991 CVE-2024-42005 CVE-2024-45231. (lamby)
+  NOTE: 20260128: keeping note here for bookworm SPU. (lamby)
 --
 python-tornado (dleidert)
   NOTE: 20251214: Added by Front-Desk (dleidert)
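Review bot: The first added NOTE says DLA-4458-1 is "released" while the commit subject is "Reserve DLA-4458-1"; if the advisory has not been announced yet, "reserved" would be the accurate word in that line. On the second added NOTE, the trixie SPU above carries its bug number (#1126461) but the bookworm SPU has none, so add the bug reference once it is filed, so that the next reader can tell when the python-django entry can be dropped from dla-needed.txt.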



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e534e98af92bc339dfed8a14d9e5b1e048f9045
