Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5ada20e by Moritz Mühlenhoff at 2026-02-15T22:40:39+01:00
django DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -175575,7 +175575,6 @@ CVE-2024-6232 (There is a MEDIUM severity 
vulnerability affecting CPython.
 CVE-2024-45231 (An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. 
The dja ...)
        {DLA-4458-1}
        - python-django 3:4.2.16-1
-       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
        NOTE: 
https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
 (4.2.16)
 CVE-2024-45230 (An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 
5.0.9,  ...)
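
Review bot: The CVE-2024-45231 entry loses its "[bookworm] - python-django <no-dsa> (Minor issue)" line, but the only upstream reference left on it is the commit tagged (4.2.16), while the DSA-6136-1 entry added in data/DSA/list fixes bookworm at 3:3.2.25-0+deb12u1. A NOTE naming the patch as it was applied to the 3.2 series would let a reader confirm that the bookworm fix corresponds to that upstream commit.
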
@@ -182233,13 +182232,11 @@ CVE-2024-7518 (Select options could obscure the 
fullscreen notification dialog.
 CVE-2024-42005 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
        {DLA-4458-1}
        - python-django 3:4.2.15-1 (bug #1078074)
-       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
        NOTE: 
https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28/
 (4.2.15)
 CVE-2024-41991 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
        {DLA-4458-1}
        - python-django 3:4.2.15-1 (bug #1078074)
-       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
        NOTE: 
https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/
 (4.2.15)
 CVE-2024-41990 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
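
Review bot: CVE-2024-41990, whose header line closes this hunk, is missing from the CVE set of DSA-6136-1 in data/DSA/list, although the entries on either side of it (CVE-2024-42005 and CVE-2024-41991 here, CVE-2024-41989 in the next hunk) are in that set and lose their "[bookworm] - python-django <no-dsa> (Minor issue)" lines. The body of the CVE-2024-41990 entry is not part of the diff, so please confirm that the bookworm status recorded there is intentional, and state the reason in a NOTE or suite annotation if it is not already explicit.
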
@@ -182252,7 +182249,6 @@ CVE-2024-41990 (An issue was discovered in Django 5.0 
before 5.0.8 and 4.2 befor
 CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
        {DLA-4458-1}
        - python-django 3:4.2.15-1 (bug #1078074)
-       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
        NOTE: 
https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b/
 (4.2.15)
 CVE-2024-42062 (CloudStack account-users by default use username and password 
based au ...)
@@ -188855,20 +188851,17 @@ CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks 
proper validation of the leng
 CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
        {DLA-4458-1}
        - python-django 3:4.2.14-1 (bug #1076069)
-       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
        NOTE: 
https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
 (4.2.14)
        NOTE: Relates to CVE-2023-23969 fix
 CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
        {DLA-4458-1}
        - python-django 3:4.2.14-1 (bug #1076069)
-       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
        NOTE: 
https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
 (4.2.14)
 CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
        {DLA-4458-1}
        - python-django 3:4.2.14-1 (bug #1076069)
-       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
        NOTE: 
https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
 (4.2.14)
 CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was 
discovered ...)
@@ -230013,7 +230006,6 @@ CVE-2024-2002 (A double-free vulnerability was found 
in libdwarf. In a multiply-
 CVE-2024-27351 (In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 
5.0.3,  ...)
        {DLA-4210-1}
        - python-django 3:4.2.11-1
-       [bookworm] - python-django <postponed> (Minor issue, fix along in 
future update)
        [buster] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
        NOTE: 
https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e
 (5.0.3)
@@ -237073,7 +237065,6 @@ CVE-2024-1283 (Heap buffer overflow in Skia in Google 
Chrome prior to 121.0.6167
 CVE-2024-24680 (An issue was discovered in Django 3.2 before 3.2.24, 4.2 
before 4.2.10 ...)
        {DLA-4210-1}
        - python-django 3:4.2.10-1
-       [bookworm] - python-django <postponed> (Minor issue, fix along in 
future update)
        [buster] - python-django <postponed> (Minor issue, fix along in future 
update)
        NOTE: https://www.openwall.com/lists/oss-security/2024/02/06/2
        NOTE: 
https://www.djangoproject.com/weblog/2024/feb/06/security-releases/
@@ -261084,7 +261075,6 @@ CVE-2023-43739 (The 'bookisbn' parameter of the 
cart.php resource  does not vali
 CVE-2023-43665 (In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 
4.2.6,  ...)
        {DLA-4210-1}
        - python-django 3:4.2.6-1 (bug #1053475)
-       [bookworm] - python-django <postponed> (Minor issue, fix along in 
future update)
        [buster] - python-django <postponed> (Minor issue, fix along in future 
update)
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/04/6
        NOTE: 
https://www.djangoproject.com/weblog/2023/oct/04/security-releases/
@@ -264844,7 +264834,6 @@ CVE-2023-2813 (All of the above Aapna WordPress theme 
through 1.3, Anand WordPre
 CVE-2023-41164 (In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 
4.2.5,  ...)
        {DLA-4210-1 DLA-3558-1}
        - python-django 3:3.2.21-1 (bug #1051226)
-       [bookworm] - python-django <postponed> (Minor issue, fix along in 
future update)
        NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
        NOTE: 
https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
        NOTE: 
https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce
 (main)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Feb 2026] DSA-6136-1 python-django - security update
+       {CVE-2019-14232 CVE-2023-41164 CVE-2023-43665 CVE-2024-24680 
CVE-2024-27351 CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 CVE-2024-41989 
CVE-2024-41991 CVE-2024-42005 CVE-2024-45231 CVE-2024-53907 CVE-2024-56374 
CVE-2025-13372 CVE-2025-26699 CVE-2025-32873 CVE-2025-48432 CVE-2025-57833 
CVE-2025-59681 CVE-2025-59682 CVE-2025-64459 CVE-2025-64460}
+       [bookworm] - python-django 3:3.2.25-0+deb12u1
 [14 Feb 2026] DSA-6135-1 chromium - security update
        {CVE-2026-2313 CVE-2026-2314 CVE-2026-2315 CVE-2026-2316 CVE-2026-2317 
CVE-2026-2318 CVE-2026-2319 CVE-2026-2320 CVE-2026-2321 CVE-2026-2322 
CVE-2026-2323 CVE-2026-2441}
        [bookworm] - chromium 145.0.7632.75-1~deb12u1
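
Review bot: DSA-6136-1 lists 23 CVE ids, but the data/CVE/list part of this commit drops a "[bookworm]" annotation for only 11 of them; the entries for CVE-2019-14232, CVE-2024-53907, CVE-2024-56374 and the nine CVE-2025 ids are not touched. Please check that none of those still carries a "[bookworm] - python-django <no-dsa>" or "<postponed>" line that would contradict the fixed version 3:3.2.25-0+deb12u1 given here.
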


=====================================
data/dsa-needed.txt
=====================================
@@ -69,8 +69,6 @@ pillow/stable
 --
 python-aiohttp
 --
-python-django/oldstable (jmm)
---
 python-tornado (jmm)
   Daniel Leidert is proposing to work on an update, asked to send debdiffs to 
team for review
 --
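
Review bot: The removed "python-django/oldstable (jmm)" line was scoped to oldstable and the new DSA entry names only [bookworm], so this hunk leaves no python-django entry between python-aiohttp and python-tornado. If any of the same CVEs is still open in another supported suite, keep an entry for that suite instead of dropping the package from the list.
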



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5ada20eb39efb2f69e542e1eefe15f79b8356d9
