Format: 1.8
Date: Mon, 15 Sep 2025 14:33:43 -0700
Source: python-django
Architecture: source
Version: 2:2.2.28-1~deb11u8
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1113865
Changes:
 python-django (2:2.2.28-1~deb11u8) bullseye-security; urgency=high
 .
   * CVE-2025-57833: The FilteredRelation class was subject to a potential
     SQL injection through its use of column aliases. This could have been
     exploited using a suitably crafted dictionary that was controlled by an
     attacker, either with dictionary expansion via the **kwargs passed to
     QuerySet.annotate() or by using QuerySet.alias() directly.
     (Closes: #1113865)