- ------------------------------------------------------------------------- Debian LTS Advisory DLA-2622-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 09, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : python-django Version : 1:1.10.7-2+deb9u12 CVE ID : CVE-2021-28658 Debian Bug : #986447 It was discovered that there was a potential directory traversal issue in Django, a Python-based web development framework. The vulnerability could have been exploited by maliciously crafted filenames. However, the upload handlers built into Django itself were not affected. For Debian 9 "Stretch", this problem has been fixed in version 1:1.10.7-2+deb9u12. We recommend that you upgrade your python-django packages. For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-django Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS