What Are You Looking For?

Sign Up

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4705-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 18, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2020-9402 CVE-2020-13254 CVE-2020-13596

It was discovered that Django, a high-level Python web development
framework, did not properly sanitize input. This would allow a remote
attacker to perform SQL injection attacks, Cross-Site Scripting (XSS)
attacks, or leak sensitive information.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:1.10.7-2+deb9u9.

For the stable distribution (buster), these problems have been fixed in
version 1:1.11.29-1~deb10u1.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-4705-1: python-django security update

June 18, 2020
It was discovered that Django, a high-level Python web development framework, did not properly sanitize input

Summary

For the oldstable distribution (stretch), these problems have been fixed
in version 1:1.10.7-2+deb9u9.

For the stable distribution (buster), these problems have been fixed in
version 1:1.11.29-1~deb10u1.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
It was discovered that Django, a high-level Python web development
framework, did not properly sanitize input. This would allow a remote
attacker to perform SQL injection attacks, Cross-Site Scripting (XSS)
attacks, or leak sensitive information.

Related News

Python’s New Security Developer Has Plans to Secure the Language

Nov 26, 2023

Cryptsetup Lands Support For OPAL Self Encrypting Drives

Aug 21, 2023

Mirai-based DDoS Attackers Aggressively Adopted New Router Exploits

Oct 10, 2023

What is LEMP Stack?

Sep 8, 2023

News

Advisories

HOWTOs

Features

A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug
Cyber Law in the Realm of Open-Source Software Security

About Us

Powered By

Footer Logo