Bug 782922 (CVE-2021-30459) - <dev-python/django-debug-toolbar-3.2.1: SQL Injection vulnerability
Status: RESOLVED FIXED
Alias: CVE-2021-30459
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Reported: 2021-04-15 06:30 UTC by Michał Górny
Modified: 2022-06-05 15:08 UTC
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-04-15 06:30:53 UTC
+* Fixed SQL Injection vulnerability, CVE-2021-30459. The toolbar now
+  calculates a signature on all fields for the SQL select, explain,
+  and analyze forms.
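Review bot: the second sentence of this changelog entry ("The toolbar now calculates a signature on all fields ...") says a signature is calculated, but not that it is checked when the select, explain or analyze form is submitted, and the entry does not say which releases are affected. Suggest rewording it to state the verification step and the first fixed version, so that someone reading only the changelog can tell whether they need to upgrade.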
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-11 20:47:27 UTC
No stable versions so not sure why this got CC-ARCHES. Please clean up.
Comment 3 Larry the Git Cow gentoo-dev 2021-07-24 06:22:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa8e0ced3f4f882179e3ffa58df0362d9d66db9f

commit aa8e0ced3f4f882179e3ffa58df0362d9d66db9f
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-24 06:20:44 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-24 06:21:50 +0000

    dev-python/django-debug-toolbar: drop 3.1
    
    Bug: https://bugs.gentoo.org/782922
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-python/django-debug-toolbar/Manifest           |  1 -
 .../django-debug-toolbar-3.1.ebuild                | 54 ----------------------
 2 files changed, 55 deletions(-)
Comment 9 NATTkA bot gentoo-dev 2021-07-29 18:11:48 UTC
Package list is empty or all packages have requested keywords.
Comment 10 Larry the Git Cow gentoo-dev 2022-06-05 14:18:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e867ef40ae2457a49ca22c60f5abc9976f18769f

commit e867ef40ae2457a49ca22c60f5abc9976f18769f
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2022-06-05 14:14:32 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2022-06-05 14:16:38 +0000

    dev-python/django-debug-toolbar: treeclean
    
    Closes: https://bugs.gentoo.org/623290
    Bug: https://bugs.gentoo.org/782922
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 dev-python/django-debug-toolbar/Manifest           |  1 -
 .../django-debug-toolbar-3.4.ebuild                | 52 ----------------------
 dev-python/django-debug-toolbar/metadata.xml       | 12 -----
 profiles/package.mask                              |  1 -
 4 files changed, 66 deletions(-)
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-05 15:08:29 UTC
(In reply to John Helmert III from comment #2)
> No stable versions so not sure why this got CC-ARCHES. Please clean up.

Whoops, all unstable so no GLSA. All done!