Publishing details

• Removed from disk on 2022-07-05.
• Removal requested on 2022-07-05.
• Superseded on 2022-07-04 by python-django - 2:2.2.12-1ubuntu0.12
• Published on 2022-04-11
• Copied from ubuntu focal in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

python-django (2:2.2.12-1ubuntu0.11) focal-security; urgency=medium

  * SECURITY UPDATE: Potential SQL injection in QuerySet.annotate(),
    aggregate(), and extra()
    - debian/patches/CVE-2022-28346.patch: prevent SQL injection in column
      aliases in django/db/models/sql/query.py, tests/aggregation/tests.py,
      tests/annotations/tests.py, tests/queries/tests.py,
      tests/expressions/test_queryset_values.py.
    - CVE-2022-28346
  * SECURITY UPDATE: Potential SQL injection via
    QuerySet.explain(**options) on PostgreSQL
    - debian/patches/CVE-2022-28347.patch: prevent SQL injection in
      django/db/backends/postgresql/features.py,
      django/db/backends/postgresql/operations.py,
      django/db/models/sql/query.py, tests/queries/test_explain.py.
    - CVE-2022-28347

 -- Marc Deslauriers <email address hidden>  Tue, 05 Apr 2022 12:32:17 -0400

Builds

• amd64

Package files

• python-django-doc_2.2.12-1ubuntu0.11_all.deb (3.0 MiB)
• python-django_2.2.12-1ubuntu0.11.debian.tar.xz (53.6 KiB)
• python-django_2.2.12-1ubuntu0.11.dsc (2.8 KiB)
• python-django_2.2.12.orig.tar.gz (8.5 MiB)
• python3-django_2.2.12-1ubuntu0.11_all.deb (2.5 MiB)