Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7cc998a by Chris Lamb at 2026-01-22T14:07:30-08:00
Te-triage CVE-2024-38875, CVE-2024-41990 and CVE-2024-45230 in python-django
for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -166015,6 +166015,7 @@ CVE-2024-45230 (An issue was discovered in Django 5.1
before 5.1.1, 5.0 before 5
[bullseye] - python-django <ignored> (Minor issue; invasive to backport)
NOTE:
https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
NOTE:
https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
(4.2.16)
+ NOTE: Patch overlapping with fix for CVE-2024-38875 & CVE-2024-41990.
CVE-2024-45506 (HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x
through 3.1 ...)
- haproxy 2.9.10-1
[bookworm] - haproxy <not-affected> (Only exploitable with
zero-copy-forward)
@@ -172667,6 +172668,7 @@ CVE-2024-41990 (An issue was discovered in Django 5.0
before 5.0.8 and 4.2 befor
[bullseye] - python-django <ignored> (Minor issue; intrusive to
backport)
NOTE:
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
NOTE:
https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88/
(4.2.15)
+ NOTE: Patch overlapping with fix for CVE-2024-38875 & CVE-2024-45230.
CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2
before 4.2. ...)
- python-django 3:4.2.15-1 (bug #1078074)
[bookworm] - python-django <no-dsa> (Minor issue)
@@ -179306,9 +179308,10 @@ CVE-2024-38959 (Cross Site Scripting vulnerability
in Creativeitem Academy LMS L
CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0
before 5.0 ...)
- python-django 3:4.2.14-1 (bug #1076069)
[bookworm] - python-django <no-dsa> (Minor issue; intrusive to backport)
- [bullseye] - python-django <postponed> (Minor issue; revisit after
bookworm fix, if it is possible)
+ [bullseye] - python-django <ignored> (Minor issue; intrusive to
backport)
NOTE:
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE:
https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5
(4.2.14)
+ NOTE: Patch overlapping with fix for CVE-2024-41990 & CVE-2024-45230.
CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior,
contains an ...)
NOT-FOR-US: Dell Alienware Command Center
CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in
v.11.5.7 allo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7cc998a58a73bed84822eaeb737ac19d00595f0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7cc998a58a73bed84822eaeb737ac19d00595f0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
