Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f691289 by Chris Lamb at 2021-12-07T14:55:11-08:00
Triage CVE-2021-44420 in python-django for stretch LTS.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -712,6 +712,7 @@ CVE-2021-44420 [Potential bypass of an upstream access
control based on URL path
- python-django 2:3.2.10-1
[bullseye] - python-django <no-dsa> (Minor issue)
[buster] - python-django <no-dsa> (Minor issue)
+ [stretch] - python-django <not-affected> (Vulnerable code not present;
path converters added later)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1
NOTE:
https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
NOTE:
https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a
(3.2.10)
=====================================
data/dla-needed.txt
=====================================
@@ -68,8 +68,6 @@ nvidia-graphics-drivers (Markus Koschany)
pgbouncer (Thorsten Alteholz)
NOTE: 20211128: also help with other releases
--
-python-django (Chris Lamb)
---
rustc (Roberto C. Sánchez)
NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable
NOTE: https://bugs.debian.org/928422
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f691289cbf1d7f6c4e2c1a3ee0bb0b34a943c49
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f691289cbf1d7f6c4e2c1a3ee0bb0b34a943c49
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
