[ubuntu/jammy-proposed] python-django 2:3.2.12-2ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Apr 11 15:35:41 UTC 2022


python-django (2:3.2.12-2ubuntu1) jammy; urgency=medium

  * SECURITY UPDATE: Potential SQL injection in QuerySet.annotate(),
    aggregate(), and extra()
    - debian/patches/CVE-2022-28346.patch: prevent SQL injection in column
      aliases in django/db/models/sql/query.py, tests/aggregation/tests.py,
      tests/annotations/tests.py, tests/queries/tests.py,
      tests/expressions/test_queryset_values.py.
    - CVE-2022-28346
  * SECURITY UPDATE: Potential SQL injection via
    QuerySet.explain(**options) on PostgreSQL
    - debian/patches/CVE-2022-28347.patch: prevent SQL injection in
      django/db/backends/postgresql/features.py,
      django/db/backends/postgresql/operations.py,
      django/db/models/sql/query.py, tests/queries/test_explain.py.
    - CVE-2022-28347

Date: Mon, 11 Apr 2022 08:16:53 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1
Format: 1.8
Date: Mon, 11 Apr 2022 08:16:53 -0400
Source: python-django
Built-For-Profiles: noudeb
Architecture: source
Version: 2:3.2.12-2ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>

