Search results

Query:
Filters:	Content type Categories  LWN Feature article  Guest article  News item  Email item  Security alert  Security vulnerability  Kernel patch  Comment  Announcements  Briefs  Commerce  Development  Distributions  Front  Kernel  Legal  Letters  Press  Security  Select all  Select all
Order by:	relevance date

Search results

Debian security update to python-django
([Security] Posted Oct 31, 2022 17:48 UTC (Mon) by jake )

CVE IDs        : CVE-2020-24583 CVE-2020-24584 CVE-2021-3281
                 CVE-2021-23336 CVE-2022-34265
Debian Bugs    : 969367 981562 983090 1014541

Multiple vulnerabilities were discovered in Django, a popular
Python-based web development framework:

 * CVE-2020-24583: Fix incorrect permissions on intermediate-level
   directories on Python 3.7+. FILE

Fedora security update to python-django
([Security] Posted Sep 14, 2020 14:55 UTC (Mon) by ris )

CVE-2020-24583, CVE-2020-24584
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep  3 2020 Matthias Runge <mrunge@redhat.com> - 3.0.10-1
- update to 3.0.10, fixes CVE-2020-24583, CVE-2020-24584
  (rhbz#1874487, rhbz#1874494)
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.7-3
- Rebuilt for  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild 
* Wed Jun 24 2020 Michel

Fedora security update to python-django
([Security] Posted Sep 14, 2020 14:55 UTC (Mon) by ris )

CVE-2020-24583, CVE-2020-24584
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep  3 2020 Matthias Runge <mrunge@redhat.com> - 2.2.16-1
- update to 2.2.16, CVE-2020-24583, CVE-2020-24584
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1874492 - CVE-2020-24584 django: permission escalation in intermediate-level
directories of the file system cache on Python 3.7+
         https://bugzilla.redhat.com

Arch Linux security update to python-django
([Security] Posted Sep 10, 2020 13:32 UTC (Thu) by jake )

CVE-ID  : CVE-2020-24583 CVE-2020-24584
Package : python-django
Type    : multiple issues
Remote  : Yes
Link    :  https://security.archlinux.org/AVG-1217 

Summary
=======

The package python-django before version 3.1.1-1 is vulnerable to
multiple issues including access restriction bypass and insufficient
validation.

Resolution
==========

Upgrade to 3.1.1-1.

# pacman -Syu "python

Ubuntu security update to python-django
([Security] Posted Sep 1, 2020 14:56 UTC (Tue) by ris )

Ubuntu 20.04 LTS:
  python3-django                  2:2.2.12-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
   https://usn.ubuntu.com/4479-1 
  CVE-2020-24583, CVE-2020-24584

Package Information:
   https://launchpad.net/ubuntu/+source/python-django/2:2.2.... 

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
 https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...