[SECURITY] [DSA 6136-1] python-django security update

Sun, 15 Feb 2026 13:55:56 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6136-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
February 15, 2026                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2023-41164 CVE-2023-43665 CVE-2024-24680 CVE-2024-27351
                 CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 CVE-2024-41989
                 CVE-2024-41991 CVE-2024-42005 CVE-2024-45231 CVE-2024-53907
                 CVE-2024-56374 CVE-2025-13372 CVE-2025-26699 CVE-2025-32873
                 CVE-2025-48432 CVE-2025-57833 CVE-2025-59681 CVE-2025-59682
                 CVE-2025-64459 CVE-2025-64460

Multiple security issues were found in Django, a Python web development
framework, which could result in denial of service, information
disclosure, directory traversal or SQL injection.

For the oldstable distribution (bookworm), these problems have been fixed
in version 3:3.2.25-0+deb12u1. python-django-storages also needed to be
updated to ensure ongoing compatibility (1.13.2-1+deb12u1).

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmmSPfsACgkQEMKTtsN8
TjbRpA//QPSVhlDxaxwRjjMESEwUzp4n2eoAPsN5M9q+GeQ2lEyelCmlmjK1nIX8
8Cy7mOSCYv/L59/HmdQmzK9HjqR6OJSQ7xh72Ulc9LULIPguSsbiRI0Drzs6378N
qvGIDB9mubEjLp0kQmw88ynWLOUMgg8A7+Kt7FgD6Ak1BujfseKw22BNresjFn96
etj5veuNuCcH9s5CTFU2ZJPAFRa04i7Yj5OHuefYJsDTRLgdolOLL9/pfs/3Sg6d
OLh92Vyg64N/yZ9kXYhLl0TyjOC7EdJDQVvNLCrr00OAwmAU+FGfcR0QHHgDDEmf
P2oVdSpX5N7PAtrZQqv050GTNUr/O9BZnsuLRw3Xko72s811wZiRJ2pH7cPcvefL
0y4XHU3KghSuRMfNsfiqiXkP1cldAwL2NmcaxLaEl1mRGyPhOtMB6SO6QwoVNeQI
NEjCyS70dUZJ5dfSXvWKPkHeKa1Ra7t03uneACQxrWVGKaMdCWpzk7OGQH4xKn2g
YpXHEcEXO4FpmUTk8dOS0caLfLyhWsns8J7z8E4Lk11VdawBkeHYc+1QBJz7zNgJ
G7gh808E9PkUD+nLJRJudgQzgeaMNchwdpbr0xL3VtihcWm8IL+dWmBVnO/CY4fx
MVutSev501uOLBXsxLpaC9soJ0OHhvcDHwc6DHq63aeuH7CAMTI=
=0vBz
-----END PGP SIGNATURE-----

Reply via email to