Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4705-1] python-django security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4705-1] python-django security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Sebastien Delafond <seb AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4705-1] python-django security update
  • Date: Thu, 18 Jun 2020 08:51:53 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1jlqH3-0006q3-5L AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=PlDSk3WiUzq3BRvy9Ax2OCNB1DJjwtfDivM/W94GD2Q=; b=Sk xeaNWAj0DuguhtrcddpYE8gLPkvR/TPDEgwg+vR8YAgwAMFvvvNmwDzFvELMn3X8k1R0kjPNxNlIk sIrjYoRs1NflYWWRD3yKlXMHZ6pn0RnTCymUPqNjVWt8E6cvwhZjFnKfOJsIJ+VOxSNZEMX7C7HHT wgQGfa5Kro1n5EeQlUTxi+h3g7E7mI2+dIfIMWImTjo/e8YFOaVVaWV2fNlbed4fZePSY0rbaSi9d VXsY2TvYR0+mgnJm+gAFNAzQhFD4l1nDKRDOVE07ZRK4JdGuvadRQV3cpEs/RDF/BxeS5bacfChwC KohluchqSEyazukVj5+3/sJR80XrS/mQ==;
  • Old-return-path: <seb AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 18 Jun 2020 08:52:14 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <LCEEvukIKWB.A.JMF.-sy6eB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4705-1 security AT debian.org
https://www.debian.org/security/ Sebastien Delafond
June 18, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2020-9402 CVE-2020-13254 CVE-2020-13596

It was discovered that Django, a high-level Python web development
framework, did not properly sanitize input. This would allow a remote
attacker to perform SQL injection attacks, Cross-Site Scripting (XSS)
attacks, or leak sensitive information.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:1.10.7-2+deb9u9.

For the stable distribution (buster), these problems have been fixed in
version 1:1.11.29-1~deb10u1.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl7rKgsACgkQEL6Jg/PV
nWQUpQf/a6ouTulgXuSAegdWfc6ehpmZVgKb8Ln6K9lqvHsvYQyNQVjI3Loj+Squ
Jw5n0gXf/n3uW9/gKlMC/gKVie/ED7STZFgFr5k4xMvFcXiTE1V9ljv2eIQjCh9o
YtT40NCCM1oTfVemsaoyUJ5rtr5nFznY3R8yf9Rdlq7I5SZGw5BdYHaUbSKutwIp
OnrjL+VscoMBffgtaJY6/tQyMwOPiu+xynUCKEfaMHRuwwHl1+rj7gr+HRImQhTX
7FezQOxpvLPrh/tj/4DdQ6VMG1ClOCPvISGuZ1mhnMHcHy2KzA5OtoWRnVks7udG
h/WYma9kPi3CSSYNWzEVTknN/wQwxA==
=7/E0
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4705-1] python-django security update, Sebastien Delafond, 18.06.2020

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang