Bug 782922 (CVE-2021-30459) - <dev-python/django-debug-toolbar-3.2.1: SQL Injection vulnerability
Summary: <dev-python/django-debug-toolbar-3.2.1: SQL Injection vulnerability
Status: IN_PROGRESS
Alias: CVE-2021-30459
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A4 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-15 06:30 UTC by Michał Górny
Modified: 2021-07-29 18:11 UTC

See Also:
Package list:
Runtime testing required: ---


Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-04-15 06:30:53 UTC
+* Fixed SQL Injection vulnerability, CVE-2021-30459. The toolbar now
+  calculates a signature on all fields for the SQL select, explain,
+  and analyze forms.
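Review bot: the entry starting "+* Fixed SQL Injection vulnerability" does not name the release that carries the fix, so the affected range can only be read from the bug title (<dev-python/django-debug-toolbar-3.2.1); suggest stating the fixed version in the entry itself. It also says a signature is calculated over all fields of the SQL select, explain, and analyze forms without saying what happens to a submission whose signature does not verify, which is the detail someone assessing exposure would look for.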
Comment 2 John Helmert III gentoo-dev Security 2021-06-11 20:47:27 UTC
No stable versions, so not sure why this got CC-ARCHES. Please clean up.
Comment 3 Larry the Git Cow gentoo-dev 2021-07-24 06:22:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa8e0ced3f4f882179e3ffa58df0362d9d66db9f

commit aa8e0ced3f4f882179e3ffa58df0362d9d66db9f
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-24 06:20:44 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-24 06:21:50 +0000

    dev-python/django-debug-toolbar: drop 3.1
    
    Bug: https://bugs.gentoo.org/782922
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-python/django-debug-toolbar/Manifest           |  1 -
 .../django-debug-toolbar-3.1.ebuild                | 54 ----------------------
 2 files changed, 55 deletions(-)
Comment 9 NATTkA bot gentoo-dev 2021-07-29 18:11:48 UTC
Package list is empty or all packages have requested keywords.