[SECURITY] [DLA 2982-1] python-django security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2982-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
April 14, 2022                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : python-django
Version : 1:1.10.7-2+deb9u16
CVE ID : CVE-2022-28346
Debian Bug : #1009677

It was discovered that there was a potential SQL injection
vulnerability in Django, a popular Python-based web development
framework.

QuerySet.annotate(), aggregate(), and extra() methods were subject to
SQL injection in column aliases, using a suitably crafted dictionary,
with dictionary expansion, as the **kwargs passed to these methods.
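
One way an application can guard the affected call pattern, as an added example that is not code from Django or from this advisory: an untrusted mapping is checked against an allowlist before it is expanded with ** into annotate() or aggregate(). The names safe_alias_kwargs, RejectedAlias, ALLOWED_FIELDS and the field names are assumptions made for illustration.

```python
import re

# Assumption: aliases are restricted to short lowercase identifiers. This is
# an application-side allowlist, stricter than any database quoting rule.
ALIAS_RE = re.compile(r"[a-z][a-z0-9_]{0,30}")

# Hypothetical model fields that callers are allowed to annotate on.
ALLOWED_FIELDS = frozenset({"price", "quantity", "created"})


class RejectedAlias(ValueError):
    """Raised when a requested alias or field fails validation."""


def safe_alias_kwargs(requested, allowed_fields=ALLOWED_FIELDS, max_items=5):
    """Validate an untrusted {alias: field} mapping before ** expansion.

    Returns a new dict that annotate()/aggregate() kwargs can be built from,
    or raises RejectedAlias. Nothing is sanitised or rewritten: a mapping
    with any bad entry is refused as a whole.
    """
    if not isinstance(requested, dict) or len(requested) > max_items:
        raise RejectedAlias("expected a small alias-to-field mapping")
    checked = {}
    for alias, field in requested.items():
        # Keys become column aliases in the generated SQL, which is the part
        # CVE-2022-28346 concerns; values are checked as well.
        if not isinstance(alias, str) or not ALIAS_RE.fullmatch(alias):
            raise RejectedAlias("alias is not a plain identifier: %r" % (alias,))
        if alias in allowed_fields:
            raise RejectedAlias("alias shadows a model field: %r" % (alias,))
        if not isinstance(field, str) or field not in allowed_fields:
            raise RejectedAlias("field is not allowlisted: %r" % (field,))
        checked[alias] = field
    return checked


if __name__ == "__main__":
    # Constructed request bodies, as a view might hold after JSON decoding.
    for body in ({"total": "price"}, {'total" x': "price"}):
        try:
            kwargs = safe_alias_kwargs(body)
            # With Django: qs.annotate(**{a: Sum(f) for a, f in kwargs.items()})
            print("accepted", kwargs)
        except RejectedAlias as exc:
            print("rejected", exc)
```

The check belongs in application code even on a patched package, since it also keeps callers from choosing arbitrary fields.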

For more information, please see:

https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

For Debian 9 "Stretch", this problem has been fixed in version
1:1.10.7-2+deb9u16.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----