Summary: | <dev-python/django-{3.1.13,3.2.5}: SQL injection vulnerability in QuerySet.order_by() (CVE-2021-35042) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | mgorny, python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.djangoproject.com/weblog/2021/jul/01/security-releases/ | ||
Whiteboard: | B3 [glsa? cve] | ||
Package list: |
dev-python/django-3.1.13
dev-python/django-3.2.5
|
Runtime testing required: | --- |
Description
John Helmert III
2021-07-01 14:07:52 UTC
I'm going to push it shortly. Unable to check for sanity:
> no match for package: dev-python/django-3.1.13
All sanity-check issues have been resolved (In reply to Michał Górny from comment #1) > I'm going to push it shortly. Thanks! ALLARCHES stable. Closing. Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c506557f7b14cca0811349b39c15d2a87fb8984 commit 8c506557f7b14cca0811349b39c15d2a87fb8984 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-07-02 16:01:36 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-07-02 16:05:19 +0000 dev-python/django: Remove old Bug: https://bugs.gentoo.org/799710 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/django/Manifest | 4 -- dev-python/django/django-3.1.12.ebuild | 95 ------------------------------ dev-python/django/django-3.2.4.ebuild | 103 --------------------------------- 3 files changed, 202 deletions(-) Thank you! GLSA request filed. Unable to check for sanity:
> no match for package: dev-python/django-3.2.5
Unable to check for sanity:
> no match for package: dev-python/django-3.1.13
|