-------------------------------------------------------------------------
Debian LTS Advisory DLA-2982-1                           [email protected]
https://www.debian.org/lts/security/                          Chris Lamb
April 14, 2022                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : python-django
Version        : 1:1.10.7-2+deb9u16
CVE ID         : CVE-2022-28346
Debian Bug     : #1009677

It was discovered that there was a potential SQL injection vulnerability
in Django, a popular Python-based web development framework.

QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.

For more information, please see:

  https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

For Debian 9 "Stretch", this problem has been fixed in version
1:1.10.7-2+deb9u16.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
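
Alongside the upgrade, application code that builds annotate() or aggregate() arguments from request data can refuse unexpected aliases before the dictionary is expanded. The following is an added example, not part of this advisory or of Django's fix; `checked_aliases`, `ALLOWED`, `UnsafeAliasError` and the identifier-only alias rule are assumptions made for illustration.

```python
import re

# Assumption (not Django's own rule): an alias taken from a request must be a
# plain identifier, so no whitespace, quotes, semicolons or comment markers.
ALIAS_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


class UnsafeAliasError(ValueError):
    """Raised when a requested alias or expression key is not acceptable."""


def checked_aliases(requested, allowed):
    """Build a dict that is safe to expand as **kwargs.

    requested: {alias: expression_key}, both taken from the request (untrusted).
    allowed:   {expression_key: expression}, defined by the application.
    """
    if not isinstance(requested, dict):
        raise UnsafeAliasError("aliases must be supplied as a mapping")
    safe = {}
    for alias, key in requested.items():
        # fullmatch() also rejects a trailing newline, which "$" would allow.
        if not isinstance(alias, str) or not ALIAS_RE.fullmatch(alias):
            raise UnsafeAliasError("rejected column alias: %r" % (alias,))
        # Only expressions the application defined itself may be selected.
        if not isinstance(key, str) or key not in allowed:
            raise UnsafeAliasError("unknown expression: %r" % (key,))
        safe[alias] = allowed[key]
    return safe


# Constructed sample data. The string values stand in for expression objects
# such as Count("comments") so that the block runs without Django installed.
ALLOWED = {"comment_count": "<Count(comments)>", "last_post": "<Max(posted)>"}

if __name__ == "__main__":
    ok = checked_aliases({"n_comments": "comment_count"}, ALLOWED)
    print(ok)  # in a view this would be: queryset.annotate(**ok)
    # Constructed inputs that must be refused: bad alias, unknown expression.
    for bad in ({'n" --': "comment_count"}, {"n": "password"}):
        try:
            checked_aliases(bad, ALLOWED)
        except UnsafeAliasError as exc:
            print("refused:", exc)
```

The request never supplies an expression or a raw alias string directly to the ORM: it can only pick a name that passes the identifier check and a key from the server-side table.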
