[Bug 1971314] Re: Merge python-django from Debian unstable for kinetic

2022-05-27 Thread Bryce Harrington
This bug was fixed in the package python-django - 2:3.2.13-1
Sponsored for Lena Voytek (lvoytek)

---
python-django (2:3.2.13-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
      aggregate(), and extra().

      QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
      injection in column aliases, using a suitably crafted dictionary, with
      dictionary expansion, as the **kwargs passed to these methods.

    - CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)
      on PostgreSQL.

      QuerySet.explain() method was subject to SQL injection in option names,
      using a suitably crafted dictionary, with dictionary expansion, as the
      **options argument.

See 
for more info.

 -- Chris Lamb   Tue, 12 Apr 2022 18:22:30 +0200

** Changed in: python-django (Ubuntu)
   Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28346

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28347

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971314

Title:
  Merge python-django from Debian unstable for kinetic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1971314/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
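
Added example, not part of the original thread and not Django's own code: both CVEs in the changelog above involve dictionary keys reaching SQL through `**` expansion, and Python itself never checks the text of those keys. The sketch below validates keys before expansion in application code; `safe_kwargs`, `is_rejected`, `EXPLAIN_OPTIONS` and the sample request bodies are assumptions constructed for illustration.

```python
import json
import re

IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Hypothetical allowlist of explain() option names this application accepts.
EXPLAIN_OPTIONS = frozenset({"analyze", "verbose", "buffers", "costs"})


def accepts_anything(**kwargs):
    """Stand-in for a **kwargs API: Python does not check the key text."""
    return sorted(kwargs)


def safe_kwargs(untrusted, allowed=None):
    """Return a copy of `untrusted` only if every key is safe to expand with **."""
    clean = {}
    for key, value in untrusted.items():
        if not isinstance(key, str) or not IDENTIFIER.fullmatch(key):
            raise ValueError(f"key is not a plain identifier: {key!r}")
        if allowed is not None and key.lower() not in allowed:
            raise ValueError(f"key is not an allowed option: {key!r}")
        clean[key] = value
    return clean


def is_rejected(untrusted, allowed=None):
    """True when safe_kwargs() refuses the dict."""
    try:
        safe_kwargs(untrusted, allowed)
    except ValueError:
        return True
    return False


# Constructed request bodies, as a JSON API might receive them.
GOOD_ALIASES = json.loads('{"total_price": "price", "n_books": "id"}')
BAD_ALIASES = json.loads('{"total\\" -- ": "price"}')
GOOD_OPTIONS = json.loads('{"analyze": true, "verbose": true}')
BAD_OPTIONS = json.loads('{"analyze": true, "x; y": 1}')

# Intended call sites (Django not imported here so the block runs offline):
#   qs.annotate(**{k: F(v) for k, v in safe_kwargs(aliases).items()})
#   qs.explain(**safe_kwargs(options, EXPLAIN_OPTIONS))
```

Upgrading to the fixed package remains the actual remedy; a check like this is defence in depth for code that builds these dictionaries from request data.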

[Bug 1971314] Re: Merge python-django from Debian unstable for kinetic

2022-05-26 Thread Lena Voytek
** Merge proposal linked:
   https://code.launchpad.net/~lvoytek/ubuntu/+source/python-django/+git/python-django/+merge/423482


[Bug 1971314] Re: Merge python-django from Debian unstable for kinetic

2022-05-26 Thread Lena Voytek
** Changed in: python-django (Ubuntu)
   Status: New => In Progress


[Bug 1971314] Re: Merge python-django from Debian unstable for kinetic

2022-05-11 Thread Lena Voytek
** Changed in: python-django (Ubuntu)
 Assignee: (unassigned) => Lena Voytek (lvoytek)
