Debian 10158 Published by

The following security updates have been released for Debian GNU/Linux Extended LTS:

ELA-1165-1 systemd security update
ELA-1164-1 python-django security update
ELA-1163-1 python-django security update




ELA-1165-1 systemd security update

Package : systemd
Version : 232-25+deb9u17 (stretch), 241-7~deb10u11 (buster)

Related CVEs :
CVE-2023-7008
CVE-2023-50387
CVE-2023-50868

Multiple vulnerabilities have been fixed in systemd, the default init system in Debian, when using systemd-resolved with DNSSEC.

ELA-1165-1 systemd security update


ELA-1164-1 python-django security update

Package : python-django
Version : 1:1.11.29-1+deb10u12 (buster)

Related CVEs :
CVE-2024-41989
CVE-2024-41991
CVE-2024-42005

(Release for buster only)
A number of vulnerabilities were discovered in Django, a popular Python-based web development framework:

CVE-2024-41989: The floatformat template filter was subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.

CVE-2024-41991: Fix an issue where the urlize and urlizetrunc template filters (as well as the AdminURLFieldWidget widget) were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

CVE-2024-42005: Fix an issue where the QuerySet.values() and values_list() methods on models with a JSONFields were subject to a SQL injection attack through column aliases via a crafted JSON object key.

ELA-1164-1 python-django security update


ELA-1163-1 python-django security update

Package : python-django
Version : 1.7.11-1+deb8u17 (jessie), 1:1.10.7-2+deb9u23 (stretch)

Related CVEs :
CVE-2024-41989

(Release for jessie and stretch only)
A Denial of Service (DoS) vulnerability was discovered in Django, a popular
Python-based web development framework.
The floatformat template filter was subject to significant memory consumption
when given a string representation of a number in scientific notation with a
large exponent.

ELA-1163-1 python-django security update