Debian Security Advisory
DLA-2233-2 python-django -- LTS regression update
- Date Reported:
- 12 Jun 2020
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-13254.
- More information:
It was discovered that there was a regression in the latest update to Django, the Python web development framework. The upstream fix for CVE-2020-13254 to address data leakages via malformed memcached keys could, in some situations, cause a traceback.
Please see https://code.djangoproject.com/ticket/31654 for more information.
CVE-2020-13254: Potential data leakage via malformed memcached keys.
In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends.
For Debian 8
Jessie, these problems have been fixed in version 1.7.11-1+deb8u10.
We recommend that you upgrade your python-django packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2020-13254: Potential data leakage via malformed memcached keys.