python-django 2:3.2.13-1 source package in Ubuntu
Changelog
python-django (2:3.2.13-1) unstable; urgency=high
* New upstream security release:
- CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
aggregate(), and extra().
QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.
- CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)
on PostgreSQL.
QuerySet.explain() method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
**options argument.
See <https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>
for more info.
-- Chris Lamb <email address hidden> Tue, 12 Apr 2022 18:22:30 +0200
Upload details
- Uploaded by:
- Debian Python Team
- Uploaded to:
- Sid
- Original maintainer:
- Debian Python Team
- Architectures:
- all
- Section:
- python
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-django_3.2.13-1.dsc | 2.7 KiB | e5804ddf02f40011d1a922d7e00f6e8d1f57a86750271f9e0cbd4c6c68fbaefe |
| python-django_3.2.13.orig.tar.gz | 9.4 MiB | 6d93497a0a9bf6ba0e0b1a29cccdc40efbfc76297255b1309b3a884a688ec4b6 |
| python-django_3.2.13-1.debian.tar.xz | 34.9 KiB | 88e639d8478ae0c1599b36c3678bc297145cac297333426e371cb86bb238e474 |
Available diffs
No changes file available.
Binary packages built by this source
- python-django-doc: No summary available for python-django-doc in ubuntu kinetic.
No description available for python-django-doc in ubuntu kinetic.
- python3-django: No summary available for python3-django in ubuntu kinetic.
No description available for python3-django in ubuntu kinetic.
