-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2622-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 09, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : python-django Version : 1:1.10.7-2+deb9u12 CVE ID : CVE-2021-28658 Debian Bug : #986447 It was discovered that there was a potential directory traversal issue in Django, a Python-based web development framework. The vulnerability could have been exploited by maliciously crafted filenames. However, the upload handlers built into Django itself were not affected. For Debian 9 "Stretch", this problem has been fixed in version 1:1.10.7-2+deb9u12. We recommend that you upgrade your python-django packages. For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-django Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmBwPekACgkQHpU+J9Qx Hli1TA/9HV3MkXufNm8DQC8xvyG/G8zOUccDAtNJsYFRKxhm3YRrt2xC7AIQvPHw PAVb5+o9jqNuK32s9Ezmidcuz8+nf6/F022RJNj3chEh6ChQs1W1J7I7tbKpUVMl Ci/57o1gKvk/7ejU1xoY4gLaO+XtjbWFgaC/LgJsaxhGgHar2gFqZMJW+0/XVJIx XOfPUTt/93FHXYgF+Yx+noN8uK/JjsO1X2CBFsWc3TDTAj9U4LskGxpcnUcRVdWV JOPVZbtTHla1hB0n9NPrriVoHf9vWYK5ZKR9jX3Ntp+B3MngBb9bYkPW+iq7ocOV SJzbOKXMHXerXopZTf1tSCx6ccJuFidcbbdh7bczN8hqtkdTv0HyPk3rtvvEriI5 crSRom1zqEUc7Somebw3Mgbo1UF0dHTA0ZWlNvwRnPR1GanKCee++tm9mKaSePC6 0KGBlWKZffk3vZO7bNc3TcuEMzaXF7s5cWNa/KCtrS/2tiM3g0gV3rzKhq69Fcu+ RxCcoQharQbZxdAH8WyepByF6v45xgjiYbP9ClYJPxVus1KU7F+zKadqKSwYlIrS dfMvkLIb9LucZUyzB/+b9yuObaWs+NoC8U9pcY8JcjixXId3bQKCVCEE1YIN+9j6 o0vop0ZuCBu95/i1WBF04WW0SI/UKdVcoBbK9+YCODdssOSpSFo= =hYiv -----END PGP SIGNATURE-----
