[SECURITY] [DSA 4706-1] drupal7 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4706-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2020 https://www.debian.org/security/faq - - Package: drupal7 CVE ID : CVE-2020-13663 It was discovered that Drupal, a fully-featured content management framework, was suspectible to cross site request forgery. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2020-004 For the oldstable distribution (stretch), this problem has been fixed in version 7.52-2+deb9u11. We recommend that you upgrade your drupal7 packages. For the detailed security status of drupal7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/drupal7 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7rzVUACgkQEMKTtsN8 TjaXqxAAmamAJvolHFUDrfp2f25ByMFBc0yR22Ycp2EuRwwdgzxnDqFTi1OaaOx1 BUWVX31Is12Oi1wcOtHjfR0vINlM28QGr50k4mdWA+dw7ibNDybfex0wZ2tSYUgL /YEjM5G4WdlERxd8muX2s/FGvPUR+jCv9hbV07nENf8icygNo3y41OqFnQLUNF/u ruhULa8p2xWewfaS1d8u0LAxiPvj/gUJPdlPHQ3p2lEfX3dh1EjWIXxRvx+/aVHQ j4D/dYhEjIwWoTjt5xO86VWh/hKzjQVUoCv7pBBgLQLijr6zZx95sWfkJ/tbIyGo ZjFu+zyJGvSQzlZkj0QIxoMSrc6suORihYRzpdC6bfT/ec7+lrmhHPEG7HYZQJhH j83L2ClJVkGGS4qq/Wv4x5PLwNCrPH4PkjzFzpX8wPZcTMgvKUmWUpTqmjPyFSNT nam1Gzea3rTPmdaNKQ5VksTizh20rZIWB8c3FMh9aIx0FXBIXhmX6vm2PNbZLAhV LKKc+V7gwA/ZuCVtGcJMSUHU3RL67jWfouFKGonTPAeE5sFWQp4q+cnO/K+oZxe8 33xmQ82lzzb7Fw3A4GSGejZz1eXN0MTp3xkwqzCXCoqumEMavwAeeT7xAHSTc9t1 ip/9lPmB8/T/gUys3Jif6NLuINkd2Yz4+4wS2Q5cC7I+IzAURnU= =Pmwi -END PGP SIGNATURE-
[SECURITY] [DSA 4705-1] python-django security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4705-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond June 18, 2020 https://www.debian.org/security/faq - - Package: python-django CVE ID : CVE-2020-9402 CVE-2020-13254 CVE-2020-13596 It was discovered that Django, a high-level Python web development framework, did not properly sanitize input. This would allow a remote attacker to perform SQL injection attacks, Cross-Site Scripting (XSS) attacks, or leak sensitive information. For the oldstable distribution (stretch), these problems have been fixed in version 1:1.10.7-2+deb9u9. For the stable distribution (buster), these problems have been fixed in version 1:1.11.29-1~deb10u1. We recommend that you upgrade your python-django packages. For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-django Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl7rKgsACgkQEL6Jg/PV nWQUpQf/a6ouTulgXuSAegdWfc6ehpmZVgKb8Ln6K9lqvHsvYQyNQVjI3Loj+Squ Jw5n0gXf/n3uW9/gKlMC/gKVie/ED7STZFgFr5k4xMvFcXiTE1V9ljv2eIQjCh9o YtT40NCCM1oTfVemsaoyUJ5rtr5nFznY3R8yf9Rdlq7I5SZGw5BdYHaUbSKutwIp OnrjL+VscoMBffgtaJY6/tQyMwOPiu+xynUCKEfaMHRuwwHl1+rj7gr+HRImQhTX 7FezQOxpvLPrh/tj/4DdQ6VMG1ClOCPvISGuZ1mhnMHcHy2KzA5OtoWRnVks7udG h/WYma9kPi3CSSYNWzEVTknN/wQwxA== =7/E0 -END PGP SIGNATURE-