Bug 837836 (CVE-2022-28346, CVE-2022-28347) - <dev-python/django-{2.2.28,3.2.13,4.0.4}: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2022-28346, CVE-2022-28347
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.djangoproject.com/weblog/...
Whiteboard: B4 [glsa?]
Keywords:
Depends on: 837848 837851 837854
Blocks:
Reported: 2022-04-11 14:28 UTC by John Helmert III
Modified: 2022-04-13 14:34 UTC
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-11 14:28:28 UTC
From URL:

"CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL"

Please bump to 2.2.28, 3.2.13, and 4.0.4.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-04-12 18:59:26 UTC
cleanup done.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-13 14:34:32 UTC
Thanks!