* CVE-2020-13254 Description: "In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends." * CVE-2020-13596 Description: "Query parameters for the admin ``ForeignKeyRawIdWidget`` were not properly URL encoded, posing an XSS attack vector. ``ForeignKeyRawIdWidget`` now ensures query parameters are correctly URL encoded."
@maintainer(s): ping
Very minor changes (2.2.12 had one bugfix, https://docs.djangoproject.com/en/3.0/releases/2.2.12/) and then 2.2.13 is just security fixes, so if no objections, I'll go ahead?
Yeah, sorry.
(In reply to Michał Górny from comment #3) > Yeah, sorry. No need for apologies!
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA vote: no.