Package: python-django
Version: 1.7.11-1+deb8u3
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for python-django.

CVE-2020-13254[0]:
| An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before
| 3.0.7. In cases where a memcached backend does not perform key
| validation, passing malformed cache keys could result in a key
| collision, and potential data leakage.

CVE-2020-13596[1]:
| An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before
| 3.0.7. Query parameters generated by the Django admin
| ForeignKeyRawIdWidget were not properly URL encoded, leading to a
| possibility of an XSS attack.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13254
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
[1] https://security-tracker.debian.org/tracker/CVE-2020-13596
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
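
The key validation that CVE-2020-13254 says was missing, sketched as an added example (not part of the original report and not Django's own code). The function names are hypothetical, the sample keys are constructed, and the rules assumed are memcached's key constraints: at most 250 bytes, no whitespace or control characters.

```python
# Added example: not Django's code. Function names are hypothetical.
MEMCACHED_MAX_KEY_BYTES = 250  # key length limit in the memcached protocol


def key_problems(key):
    """Return the reasons a key is unsafe for memcached ([] means it is fine)."""
    raw = key.encode("utf-8")
    problems = []
    if not raw:
        problems.append("empty key")
    if len(raw) > MEMCACHED_MAX_KEY_BYTES:
        problems.append("longer than %d bytes" % MEMCACHED_MAX_KEY_BYTES)
    # Space and control bytes delimit tokens and lines in the text protocol.
    bad = sorted({b for b in raw if b < 33 or b == 127})
    if bad:
        problems.append("forbidden bytes: " + ", ".join("0x%02x" % b for b in bad))
    return problems


def validate_key(key):
    """Refuse the key before it reaches the cache client."""
    problems = key_problems(key)
    if problems:
        raise ValueError("invalid cache key %r: %s" % (key, "; ".join(problems)))
    return key


def keys_seen_by_server(key):
    """Model of how a text-protocol `get` line is tokenized on whitespace."""
    return ("get " + key).split()[1:]


if __name__ == "__main__":
    # Constructed sample keys; the second embeds a space.
    for sample in ("user:42:profile", "user:1 user:2", "k" * 251):
        print(repr(sample[:20]), keys_seen_by_server(sample)[:2], key_problems(sample))
```

The second sample shows the collision: one application-level key is read by the server as two other keys, which is why the check has to run before the key is sent.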