
A python-django security update has been released for Debian GNU/Linux 9 Extended LTS to address a SQL injection vulnerability.
ELA-640-1 python-django security update

Package python-django
Version 1:1.10.7-2+deb9u18 (stretch)
Related CVEs CVE-2022-34265

A SQL injection vulnerability was discovered in Django, the popular web development framework.

The Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as the kind or lookup_name value. Applications that constrained the kind and lookup name choice to a "known", fixed or otherwise safe list were unaffected.
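The following is an added illustration, not code from the advisory or from Django itself. It models in plain Python how the kind/lookup_name string reached the SQL text before the fix, and shows the application-side allowlist that the advisory describes as sufficient to be unaffected. The function names, the ALLOWED_KINDS set and the sample column/table names are constructed for this example; the EXTRACT('%s' FROM %s) string is an assumed simplification of a backend's clause building and is not the project's code.

```python
"""Modelled view of CVE-2022-34265 (added example, not Django's own code).

Extract(expr, lookup_name) / Trunc(expr, kind) end up with the kind string
inside the generated SQL. If that string comes straight from a request,
the request controls the query text. The remedy the advisory names for
applications is a fixed list of accepted values; this is what
validate_kind() enforces.
"""

# Constructed allowlist: the only unit names this hypothetical application
# ever needs for grouping reports. Anything else is rejected outright.
ALLOWED_KINDS = frozenset(
    {"year", "quarter", "month", "week", "day", "hour", "minute", "second"}
)


def vulnerable_extract_sql(lookup_name: str, column: str) -> str:
    """Simplified model (assumption) of the pre-fix clause construction.

    The lookup name is interpolated into the SQL text; nothing checks it.
    """
    return "EXTRACT('%s' FROM %s)" % (lookup_name, column)


def validate_kind(kind: str) -> str:
    """Return kind unchanged if it is on the fixed allowlist, else raise.

    Comparing against a closed set is stricter than pattern-matching and
    is the check that makes an application unaffected by this issue.
    """
    if not isinstance(kind, str) or kind not in ALLOWED_KINDS:
        raise ValueError("unsupported extract/trunc kind: %r" % (kind,))
    return kind


def build_grouping_sql(user_kind: str, column: str) -> str:
    """Hardened path: the request value must pass validate_kind() before it
    can reach the clause builder (in a real view: Extract(column, kind))."""
    return vulnerable_extract_sql(validate_kind(user_kind), column)


def demo() -> dict:
    # Constructed attacker-controlled value, e.g. from ?kind=... in a URL.
    payload = "year') FROM app_order; --"
    tainted = vulnerable_extract_sql(payload, "created")
    try:
        build_grouping_sql(payload, "created")
        blocked = False
    except ValueError:
        blocked = True
    return {"tainted_sql": tainted, "blocked": blocked}


if __name__ == "__main__":
    result = demo()
    print("unchecked clause :", result["tainted_sql"])
    print("allowlist blocked:", result["blocked"])
```

In a Django view the same guard is a one-liner around the request parameter, for instance `Extract("created", validate_kind(request.GET.get("kind", "month")))`; the point is that the value handed to Extract() or Trunc() is always one of the fixed strings, never the raw request input.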

For Debian 9 stretch, this problem has been fixed in version 1:1.10.7-2+deb9u18.

We recommend that you upgrade your python-django packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/