You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa python-django

Sigurnosni nedostaci programskog paketa python-django

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4705-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
June 18, 2020 https://www.debian.org/security/faq
– ————————————————————————-

Package : python-django
CVE ID : CVE-2020-9402 CVE-2020-13254 CVE-2020-13596

It was discovered that Django, a high-level Python web development
framework, did not properly sanitize input. This would allow a remote
attacker to perform SQL injection attacks, Cross-Site Scripting (XSS)
attacks, or leak sensitive information.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:1.10.7-2+deb9u9.

For the stable distribution (buster), these problems have been fixed in
version 1:1.11.29-1~deb10u1.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl7rKgsACgkQEL6Jg/PV
nWQUpQf/a6ouTulgXuSAegdWfc6ehpmZVgKb8Ln6K9lqvHsvYQyNQVjI3Loj+Squ
Jw5n0gXf/n3uW9/gKlMC/gKVie/ED7STZFgFr5k4xMvFcXiTE1V9ljv2eIQjCh9o
YtT40NCCM1oTfVemsaoyUJ5rtr5nFznY3R8yf9Rdlq7I5SZGw5BdYHaUbSKutwIp
OnrjL+VscoMBffgtaJY6/tQyMwOPiu+xynUCKEfaMHRuwwHl1+rj7gr+HRImQhTX
7FezQOxpvLPrh/tj/4DdQ6VMG1ClOCPvISGuZ1mhnMHcHy2KzA5OtoWRnVks7udG
h/WYma9kPi3CSSYNWzEVTknN/wQwxA==
=7/E0
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Openshift

Otkriveni su sigurnosni nedostaci u programskom paketu Openshift za operacijski sustav . Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje XSS napada,...

Close