[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2622-1] python-django security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2622-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
April 09, 2021                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : python-django
Version        : 1:1.10.7-2+deb9u12
CVE ID         : CVE-2021-28658
Debian Bug     : #986447

It was discovered that there was a potential directory traversal
issue in Django, a Python-based web development framework.

The vulnerability could have been exploited by maliciously crafted
filenames. However, the upload handlers built into Django itself
were not affected.

For Debian 9 "Stretch", this problem has been fixed in version
1:1.10.7-2+deb9u12.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmBwPekACgkQHpU+J9Qx
Hli1TA/9HV3MkXufNm8DQC8xvyG/G8zOUccDAtNJsYFRKxhm3YRrt2xC7AIQvPHw
PAVb5+o9jqNuK32s9Ezmidcuz8+nf6/F022RJNj3chEh6ChQs1W1J7I7tbKpUVMl
Ci/57o1gKvk/7ejU1xoY4gLaO+XtjbWFgaC/LgJsaxhGgHar2gFqZMJW+0/XVJIx
XOfPUTt/93FHXYgF+Yx+noN8uK/JjsO1X2CBFsWc3TDTAj9U4LskGxpcnUcRVdWV
JOPVZbtTHla1hB0n9NPrriVoHf9vWYK5ZKR9jX3Ntp+B3MngBb9bYkPW+iq7ocOV
SJzbOKXMHXerXopZTf1tSCx6ccJuFidcbbdh7bczN8hqtkdTv0HyPk3rtvvEriI5
crSRom1zqEUc7Somebw3Mgbo1UF0dHTA0ZWlNvwRnPR1GanKCee++tm9mKaSePC6
0KGBlWKZffk3vZO7bNc3TcuEMzaXF7s5cWNa/KCtrS/2tiM3g0gV3rzKhq69Fcu+
RxCcoQharQbZxdAH8WyepByF6v45xgjiYbP9ClYJPxVus1KU7F+zKadqKSwYlIrS
dfMvkLIb9LucZUyzB/+b9yuObaWs+NoC8U9pcY8JcjixXId3bQKCVCEE1YIN+9j6
o0vop0ZuCBu95/i1WBF04WW0SI/UKdVcoBbK9+YCODdssOSpSFo=
=hYiv
-----END PGP SIGNATURE-----


Reply to: