Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b5136813 by Salvatore Bonaccorso at 2025-12-02T20:41:46+01:00 Add two new python-django issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,11 @@ +CVE-2025-64460 [Potential denial-of-service vulnerability in XML serializer text extraction] + - python-django <unfixed> (bug #1121788) + NOTE: https://www.djangoproject.com/weblog/2025/dec/02/security-releases/ + NOTE: Fixed by: https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0 (4.2.27) +CVE-2025-13372 [Potential SQL injection in FilteredRelation column aliases on PostgreSQL] + - python-django <unfixed> (bug #1121788) + NOTE: https://www.djangoproject.com/weblog/2025/dec/02/security-releases/ + NOTE: Fixed by: https://github.com/django/django/commit/f997037b235f6b5c9e7c4a501491ec45f3400f3d (4.2.27) CVE-2025-66448 (vLLM is an inference and serving engine for large language models (LLM ...) - vllm <itp> (bug #1095237) CVE-2025-66415 (fastify-reply-from is a Fastify plugin to forward the current HTTP req ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5136813c9545e198a0eca27520b029b7bef3979 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5136813c9545e198a0eca27520b029b7bef3979 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
