python-django 2:3.2.13-1 source package in Ubuntu
Changelog
python-django (2:3.2.13-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
      aggregate(), and extra(). QuerySet.annotate(), aggregate(), and extra()
      methods were subject to SQL injection in column aliases, using a suitably
      crafted dictionary, with dictionary expansion, as the **kwargs passed to
      these methods.

    - CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)
      on PostgreSQL. QuerySet.explain() method was subject to SQL injection in
      option names, using a suitably crafted dictionary, with dictionary
      expansion, as the **options argument.

    See <https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>
    for more info.

 -- Chris Lamb <email address hidden>  Tue, 12 Apr 2022 18:22:30 +0200
Upload details
- Uploaded by: Debian Python Team
- Uploaded to: Sid
- Original maintainer: Debian Python Team
- Architectures: all
- Section: python
- Urgency: Very Urgent
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
python-django_3.2.13-1.dsc | 2.7 KiB | e5804ddf02f40011d1a922d7e00f6e8d1f57a86750271f9e0cbd4c6c68fbaefe |
python-django_3.2.13.orig.tar.gz | 9.4 MiB | 6d93497a0a9bf6ba0e0b1a29cccdc40efbfc76297255b1309b3a884a688ec4b6 |
python-django_3.2.13-1.debian.tar.xz | 34.9 KiB | 88e639d8478ae0c1599b36c3678bc297145cac297333426e371cb86bb238e474 |
Available diffs
No changes file available.
Binary packages built by this source
- python-django-doc: No summary available for python-django-doc in ubuntu kinetic.
No description available for python-django-doc in ubuntu kinetic.
- python3-django: No summary available for python3-django in ubuntu kinetic.
No description available for python3-django in ubuntu kinetic.