From https://bugzilla.redhat.com/1810088 : A flaw was found in Django in a way that GIS functions and aggregates on Oracle were subject to SQL injection, using a suitably crafted tolerance. Reference: https://www.djangoproject.com/weblog/2020/mar/04/security-releases/ @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
*** Bug 711624 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d0858ec7469d1327e9fad71108a9a637469851e commit 6d0858ec7469d1327e9fad71108a9a637469851e Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-03-06 14:13:35 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-03-06 14:38:30 +0000 dev-python/django: Remove vulnerable (drop to ~arch) Bug: https://bugs.gentoo.org/692384 Bug: https://bugs.gentoo.org/701744 Bug: https://bugs.gentoo.org/706204 Bug: https://bugs.gentoo.org/707998 Bug: https://bugs.gentoo.org/711522 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/django/Manifest | 4 -- dev-python/django/django-2.1.8.ebuild | 88 --------------------------------- dev-python/django/django-2.1.9.ebuild | 88 --------------------------------- dev-python/django/django-2.2.1.ebuild | 91 ----------------------------------- dev-python/django/django-2.2.2.ebuild | 91 ----------------------------------- 5 files changed, 362 deletions(-)
This issue was resolved and addressed in GLSA 202004-17 at https://security.gentoo.org/glsa/202004-17 by GLSA coordinator Thomas Deutschmann (whissi).