Publishing details

• Removed from disk on 2022-08-17.
• Removal requested on 2022-08-17.
• Superseded on 2022-08-16 by python-django - 3:3.2.15-1
• Published on 2022-05-29
• Copied from Primary Archive for Ubuntu by Ubuntu Archive Auto-Sync (sponsored by Ubuntu Archive Robot)
• Originally uploaded to debian sid in Primary Archive for Debian GNU/Linux

Changelog

python-django (2:3.2.13-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
      aggregate(), and extra().

      QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
      injection in column aliases, using a suitably crafted dictionary, with
      dictionary expansion, as the **kwargs passed to these methods.

    - CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)
      on PostgreSQL.

      QuerySet.explain() method was subject to SQL injection in option names,
      using a suitably crafted dictionary, with dictionary expansion, as the
      **options argument.

    See <https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>
    for more info.

 -- Chris Lamb <email address hidden>  Tue, 12 Apr 2022 18:22:30 +0200

Builds

• amd64

Package files

• python-django-doc_3.2.13-1_all.deb (3.1 MiB)
• python-django_3.2.13-1.debian.tar.xz (34.9 KiB)
• python-django_3.2.13-1.dsc (2.7 KiB)
• python-django_3.2.13.orig.tar.gz (9.4 MiB)
• python3-django_3.2.13-1_all.deb (2.9 MiB)