python-django 2:4.0.6-1 source package in Ubuntu
Changelog
python-django (2:4.0.6-1) unstable; urgency=high * New upstream security release: - CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. "Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected." "This security release mitigates the issue, but we have identified improvements to the Database API methods related to date extract and truncate that would be beneficial to add to Django 4.1 before it's final release. This will impact 3rd party database backends using Django 4.1 release candidate 1 or newer, until they are able to update to the API changes. We apologize for the inconvenience." <https://www.djangoproject.com/weblog/2022/jul/04/security-releases/> * Refresh patches. -- Chris Lamb <email address hidden> Tue, 05 Jul 2022 12:38:15 +0100
Upload details
- Uploaded by:
- Debian Python Team
- Uploaded to:
- Sid
- Original maintainer:
- Debian Python Team
- Architectures:
- all
- Section:
- python
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
python-django_4.0.6-1.dsc | 2.7 KiB | 1f85af66abda2e50ce9207e4ba888d348e5400e04f399fd263377573551e3db6 |
python-django_4.0.6.orig.tar.gz | 9.9 MiB | a67a793ff6827fd373555537dca0da293a63a316fe34cb7f367f898ccca3c3ae |
python-django_4.0.6-1.debian.tar.xz | 29.8 KiB | ac63b02f0a31b9f383371653a88928357a2fc16029aa1fd947aec45d959f61c7 |
Available diffs
- diff from 2:4.0.5-2 to 2:4.0.6-1 (21.6 KiB)
No changes file available.
Binary packages built by this source
- python-django-doc: No summary available for python-django-doc in ubuntu kinetic.
No description available for python-django-doc in ubuntu kinetic.
- python3-django: No summary available for python3-django in ubuntu kinetic.
No description available for python3-django in ubuntu kinetic.