—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
– ————————————————————————-
Debian Security Advisory DSA-4705-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
June 18, 2020 https://www.debian.org/security/faq
– ————————————————————————-
Package : python-django
CVE ID : CVE-2020-9402 CVE-2020-13254 CVE-2020-13596
It was discovered that Django, a high-level Python web development
framework, did not properly sanitize input. This would allow a remote
attacker to perform SQL injection attacks, Cross-Site Scripting (XSS)
attacks, or leak sensitive information.
For the oldstable distribution (stretch), these problems have been fixed
in version 1:1.10.7-2+deb9u9.
For the stable distribution (buster), these problems have been fixed in
version 1:1.11.29-1~deb10u1.
We recommend that you upgrade your python-django packages.
For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl7rKgsACgkQEL6Jg/PV
nWQUpQf/a6ouTulgXuSAegdWfc6ehpmZVgKb8Ln6K9lqvHsvYQyNQVjI3Loj+Squ
Jw5n0gXf/n3uW9/gKlMC/gKVie/ED7STZFgFr5k4xMvFcXiTE1V9ljv2eIQjCh9o
YtT40NCCM1oTfVemsaoyUJ5rtr5nFznY3R8yf9Rdlq7I5SZGw5BdYHaUbSKutwIp
OnrjL+VscoMBffgtaJY6/tQyMwOPiu+xynUCKEfaMHRuwwHl1+rj7gr+HRImQhTX
7FezQOxpvLPrh/tj/4DdQ6VMG1ClOCPvISGuZ1mhnMHcHy2KzA5OtoWRnVks7udG
h/WYma9kPi3CSSYNWzEVTknN/wQwxA==
=7/E0
—–END PGP SIGNATURE—–