782922 – (CVE-2021-30459) <dev-python/django-debug-toolbar-3.2.1: SQL Injection vulnerability

Bug 782922 (CVE-2021-30459) - <dev-python/django-debug-toolbar-3.2.1: SQL Injection vulnerability

Summary: <dev-python/django-debug-toolbar-3.2.1: SQL Injection vulnerability

Status:	IN_PROGRESS

Alias:	CVE-2021-30459

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	A4 [glsa?]
Keywords:

Depends on:
Blocks:

Reported:	2021-04-15 06:30 UTC by Michał Górny
Modified:	2021-07-29 18:11 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2021-04-15 06:30:53 UTC

+* Fixed SQL Injection vulnerability, CVE-2021-30459. The toolbar now
+  calculates a signature on all fields for the SQL select, explain,
+  and analyze forms.

Comment 1 NATTkA bot gentoo-dev

2021-04-15 06:32:21 UTC Comment hidden (obsolete)

Unable to check for sanity:

> no match for package: dev-python/django-debug-toolbar-3.2.1

Comment 2 John Helmert III gentoo-dev

2021-06-11 20:47:27 UTC

No stable versions so not sure why this got CC-ARCHES. Please cleanup.

Comment 3 Larry the Git Cow gentoo-dev

2021-07-24 06:22:09 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa8e0ced3f4f882179e3ffa58df0362d9d66db9f

commit aa8e0ced3f4f882179e3ffa58df0362d9d66db9f
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-24 06:20:44 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-24 06:21:50 +0000

    dev-python/django-debug-toolbar: drop 3.1
    
    Bug: https://bugs.gentoo.org/782922
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-python/django-debug-toolbar/Manifest           |  1 -
 .../django-debug-toolbar-3.1.ebuild                | 54 ----------------------
 2 files changed, 55 deletions(-)

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:23:07 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:31:26 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 17:39:23 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 17:47:34 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 8 NATTkA bot gentoo-dev

2021-07-29 18:03:29 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 9 NATTkA bot gentoo-dev

2021-07-29 18:11:48 UTC

Package list is empty or all packages have requested keywords.