-------------------------------------------------------------------------
Debian LTS Advisory DLA-2569-1                          [email protected]
https://www.debian.org/lts/security/                          Chris Lamb
February 19, 2021                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : python-django
Version        : 1:1.10.7-2+deb9u11
CVE ID         : CVE-2021-23336
Debian Bug     : #983090

It was discovered that there was a web cache poisoning attack in Django, a
popular Python-based web development framework.

This was caused by the unsafe handling of ";" characters in Python's
urllib.parse.parse_qsl method which had been backported to Django's
codebase to fix some other security issues in the past.

For Debian 9 "Stretch", this problem has been fixed in version
1:1.10.7-2+deb9u11.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
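
The parsing difference behind the ";" handling described above, as an added example that is not part of the advisory or of Django's code: it parses each query string twice, once treating both "&" and ";" as separators and once treating only "&" as a separator, and reports the parameters whose value differs. The function names and the sample query strings are constructed for illustration.

```python
from urllib.parse import unquote_plus

def parse_pairs(query, separators):
    """Split a raw query string on the given separator characters,
    then percent-decode each key and value (hypothetical helper)."""
    pairs, field = [], ""
    for ch in query + separators[0]:          # trailing separator flushes the last field
        if ch in separators:
            if field:
                key, _, value = field.partition("=")
                pairs.append((unquote_plus(key), unquote_plus(value)))
            field = ""
        else:
            field += ch
    return pairs

def semicolon_discrepancies(query):
    """Return {param: (value_with_amp_only, value_with_amp_and_semicolon)}
    for every parameter the two parsing rules disagree on."""
    # dict() keeps the last value for a repeated key, as Django's QueryDict
    # lookups do.
    legacy = dict(parse_pairs(query, "&;"))   # ';' also separates fields
    strict = dict(parse_pairs(query, "&"))    # only '&' separates fields
    return {
        name: (strict.get(name), legacy.get(name))
        for name in sorted(set(legacy) | set(strict))
        if strict.get(name) != legacy.get(name)
    }

# Constructed sample query strings, e.g. as taken from an access log.
SAMPLE_QUERIES = [
    "page=2&sort=name",             # no ';' at all
    "page=2&utm_content=a;page=9",  # raw ';' inside a value
    "q=a%3Bb&page=1",               # percent-encoded ';' is plain data
]

if __name__ == "__main__":
    for query in SAMPLE_QUERIES:
        diff = semicolon_discrepancies(query)
        print(query, "->", diff if diff else "consistent")
```

A non-empty result marks a request that a cache splitting only on "&" and an application splitting on ";" as well would interpret differently, which is the condition the fixed packages remove.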
