python-django 2:3.2.5-1 source package in Debian

Changelog

python-django (2:3.2.5-1) experimental; urgency=medium

  * New upstream security release:

    - CVE-2021-35042: Potential SQL injection via unsanitized
      QuerySet.order_by() input.

      Unsanitized user input passed to QuerySet.order_by() could bypass
      intended column reference validation in path marked for deprecation
      resulting in a potential SQL injection even if a deprecation warning is
      emitted. As a mitigation, the strict column reference validation was
      restored for the duration of the deprecation period. This regression
      appeared in Django version 3.1 as a side effect of fixing another bug
      (#31426).

    For more information, please see:
    <https://www.djangoproject.com/weblog/2021/jul/01/security-releases/>

 -- Chris Lamb <email address hidden>  Thu, 01 Jul 2021 10:56:07 +0100

Upload details

Uploaded by: Debian Python Team
Uploaded to: Experimental
Original maintainer: Debian Python Team
Architectures: all
Section: python
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
python-django_3.2.5-1.dsc 2.7 KiB 2819187bb2625cc5d0d823b6fdf3f2cfc7350899f558658cb90051a728cca8ba
python-django_3.2.5.orig.tar.gz 9.4 MiB 3da05fea54fdec2315b54a563d5b59f3b4e2b1e69c3a5841dda35019c01855cd
python-django_3.2.5-1.debian.tar.xz 26.6 KiB 04db0989ce0469171ea6b75cd1e73200a93b75c83686fa5d1481887227472222

No changes file available.
