[ubuntu/jammy-proposed] python-django 2:3.2.12-2ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Apr 11 15:35:41 UTC 2022
python-django (2:3.2.12-2ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: Potential SQL injection in QuerySet.annotate(),
aggregate(), and extra()
- debian/patches/CVE-2022-28346.patch: prevent SQL injection in column
aliases in django/db/models/sql/query.py, tests/aggregation/tests.py,
tests/annotations/tests.py, tests/queries/tests.py,
tests/expressions/test_queryset_values.py.
- CVE-2022-28346
* SECURITY UPDATE: Potential SQL injection via
QuerySet.explain(**options) on PostgreSQL
- debian/patches/CVE-2022-28347.patch: prevent SQL injection in
django/db/backends/postgresql/features.py,
django/db/backends/postgresql/operations.py,
django/db/models/sql/query.py, tests/queries/test_explain.py.
- CVE-2022-28347
Date: Mon, 11 Apr 2022 08:16:53 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 11 Apr 2022 08:16:53 -0400
Source: python-django
Built-For-Profiles: noudeb
Architecture: source
Version: 2:3.2.12-2ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
python-django (2:3.2.12-2ubuntu1) jammy; urgency=medium
.
* SECURITY UPDATE: Potential SQL injection in QuerySet.annotate(),
aggregate(), and extra()
- debian/patches/CVE-2022-28346.patch: prevent SQL injection in column
aliases in django/db/models/sql/query.py, tests/aggregation/tests.py,
tests/annotations/tests.py, tests/queries/tests.py,
tests/expressions/test_queryset_values.py.
- CVE-2022-28346
* SECURITY UPDATE: Potential SQL injection via
QuerySet.explain(**options) on PostgreSQL
- debian/patches/CVE-2022-28347.patch: prevent SQL injection in
django/db/backends/postgresql/features.py,
django/db/backends/postgresql/operations.py,
django/db/models/sql/query.py, tests/queries/test_explain.py.
- CVE-2022-28347
Checksums-Sha1:
ecb409adb3d3aaf4b29034ce03b4e376c992d410 2914 python-django_3.2.12-2ubuntu1.dsc
5d5b2c9676a5030bcecf12fbbc7e177f319899f1 38684 python-django_3.2.12-2ubuntu1.debian.tar.xz
aa6581dc413ad180b3566550c60897cae59fea5d 14251 python-django_3.2.12-2ubuntu1_source.buildinfo
Checksums-Sha256:
71145c87596bd51932548f991688b10e0ae0cf9a777b4ac060cbaffe494ce1c5 2914 python-django_3.2.12-2ubuntu1.dsc
c78732f6860bd8ab47011599c1d9b7e8dd60cf7dc67b8ae103dd377ee6640524 38684 python-django_3.2.12-2ubuntu1.debian.tar.xz
6d7470801d3720a33a236e526bbb02c5767c9ccdaa293a9da5f5dc5b50b5b653 14251 python-django_3.2.12-2ubuntu1_source.buildinfo
Files:
9ac3550d78f7455cc9b1702033fc20ef 2914 python optional python-django_3.2.12-2ubuntu1.dsc
5f2030575e0f7b63f92a041b7f978ae5 38684 python optional python-django_3.2.12-2ubuntu1.debian.tar.xz
67e1f0a84a124334a5d5352a38bf3aa4 14251 python optional python-django_3.2.12-2ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>
More information about the jammy-changes
mailing list