
Bug 837836 (CVE-2022-28346, CVE-2022-28347)

Summary: <dev-python/django-{2.2.28,3.2.13,4.0.4}: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: mgorny, python
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
Whiteboard: B4 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 837848, 837851, 837854
Bug Blocks:

Description John Helmert III 2022-04-11 14:28:28 UTC
From URL:

"CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL"

Please bump to 2.2.28, 3.2.13, and 4.0.4.
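The two CVE titles above name the injection points but not the mechanism. As an added illustration (this is not Django's code and not part of the bug report), the block below models both: a toy annotate()-style builder that drops each **kwargs key into the SELECT list as a double-quoted column alias without validation, and a toy explain(**options) builder that does the same with option names. The alias and option-name checks are modelled on the validation the fixed releases listed in the bug (2.2.28 / 3.2.13 / 4.0.4) added; the table names, rows, hostile keys and the assumption that request keys reach annotate() via dictionary expansion are all constructed for the demo, and SQLite stands in for the real backend.

```python
"""Toy model of CVE-2022-28346 / CVE-2022-28347: SQL injection through an
unvalidated column alias (annotate/aggregate/extra) and through an
unvalidated explain(**options) option name. Added example, not Django code.
"""
import re
import sqlite3

# Constructed demo data: app_apikey is the table the attacker must not read.
SCHEMA = """
CREATE TABLE app_user (id INTEGER PRIMARY KEY, name TEXT);
INSERT INTO app_user VALUES (1, 'alice'), (2, 'bob');
CREATE TABLE app_apikey (id INTEGER PRIMARY KEY, key TEXT);
INSERT INTO app_apikey VALUES (1, 'sk-live-constructed-example');
"""

# Alias check modelled on the fixed releases: whitespace, quotes, brackets,
# semicolons and SQL comment markers are rejected before any SQL is built.
FORBIDDEN_ALIAS_PATTERN = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")
# explain() option names: word characters and dashes only, and never "--".
EXPLAIN_OPTION_PATTERN = re.compile(r"[\w\-]+")


def check_alias(alias: str) -> None:
    if FORBIDDEN_ALIAS_PATTERN.search(alias):
        raise ValueError(
            "Column aliases cannot contain whitespace characters, "
            "quotation marks, semicolons, or SQL comments."
        )


def check_explain_option(name: str) -> None:
    if not EXPLAIN_OPTION_PATTERN.fullmatch(name) or "--" in name:
        raise ValueError(f"Invalid option name: {name!r}.")


def annotate_sql_unsafe(table: str, annotations: dict) -> str:
    """Pre-fix behaviour: each kwarg key becomes a double-quoted alias with
    no validation, so a quote inside the key escapes the identifier."""
    cols = ['"name"'] + [f'{expr} AS "{alias}"' for alias, expr in annotations.items()]
    return f'SELECT {", ".join(cols)} FROM "{table}"'


def annotate_sql_safe(table: str, annotations: dict) -> str:
    """Post-fix behaviour: reject hostile aliases, then build as before."""
    for alias in annotations:
        check_alias(alias)
    return annotate_sql_unsafe(table, annotations)


def explain_sql_unsafe(sql: str, **options) -> str:
    """PostgreSQL-style EXPLAIN (opt value, ...) with unvalidated option names."""
    opts = ", ".join(f"{name} {value}" for name, value in options.items())
    return f"EXPLAIN ({opts}) {sql}"


def explain_sql_safe(sql: str, **options) -> str:
    for name in options:
        check_explain_option(name)
    return explain_sql_unsafe(sql, **options)


def run(sql: str) -> list:
    """Execute one statement against a fresh in-memory copy of the demo schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    try:
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


def demo():
    # Assumed exposure: request keys forwarded as annotate(**request.GET), so the
    # alias is attacker-controlled. It closes the quoted identifier, UNIONs in
    # the api-key table, and comments out the rest of the generated query.
    hostile = {'x" FROM "app_user" UNION SELECT "key", 1 FROM "app_apikey" --': "1"}
    leaked = run(annotate_sql_unsafe("app_user", hostile))
    try:
        annotate_sql_safe("app_user", hostile)
        alias_blocked = False
    except ValueError:
        alias_blocked = True
    benign = run(annotate_sql_safe("app_user", {"is_vip": "0"}))

    # Same idea for explain(**options): an option name that closes the option
    # list smuggles a second statement into the EXPLAIN text (string only here).
    hostile_option = {"analyze) ; DROP TABLE app_user; --": "true"}
    try:
        explain_sql_safe("SELECT 1", **hostile_option)
        option_blocked = False
    except ValueError:
        option_blocked = True
    return leaked, alias_blocked, benign, option_blocked


if __name__ == "__main__":
    print(demo())
```

The unsafe annotate builder returns the two user rows plus the api key from the other table; the safe builder raises before any SQL exists, and the ordinary alias `is_vip` still passes. The explain case is kept as string construction only, since the option syntax is PostgreSQL's, but the validation is the same shape: allow-list the name rather than try to quote it.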
Comment 1 Michał Górny 2022-04-12 18:59:26 UTC
cleanup done.
Comment 2 John Helmert III 2022-04-13 14:34:32 UTC
Thanks!