[Git][security-tracker-team/security-tracker][master] Bookworm triage for python-django issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
07196966 by Salvatore Bonaccorso at 2024-08-23T21:34:02+02:00
Bookworm triage for python-django issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4630,18 +4630,22 @@ CVE-2024-7518 (Select options could obscure the 
fullscreen notification dialog.
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7518
 CVE-2024-42005 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
        - python-django 3:4.2.15-1 (bug #1078074)
+       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
        NOTE: 
https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28/
 (4.2.15)
 CVE-2024-41991 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
        - python-django 3:4.2.15-1 (bug #1078074)
+       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
        NOTE: 
https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/
 (4.2.15)
 CVE-2024-41990 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
        - python-django 3:4.2.15-1 (bug #1078074)
+       [bookworm] - python-django <no-dsa> (Minor issue; intrusive to backport)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
        NOTE: 
https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88/
 (4.2.15)
 CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
        - python-django 3:4.2.15-1 (bug #1078074)
+       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
        NOTE: 
https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b/
 (4.2.15)
 CVE-2024-42062 (CloudStack account-users by default use username and password 
based au ...)
@@ -11031,14 +11035,17 @@ CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks 
proper validation of the leng
        NOT-FOR-US: Delta Electronics
 CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
        - python-django 3:4.2.14-1 (bug #1076069)
+       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
        NOTE: 
https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
 (4.2.14)
 CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
        - python-django 3:4.2.14-1 (bug #1076069)
+       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
        NOTE: 
https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
 (4.2.14)
 CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
        - python-django 3:4.2.14-1 (bug #1076069)
+       [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
        NOTE: 
https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
 (4.2.14)
 CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was 
discovered ...)
@@ -11057,6 +11064,7 @@ CVE-2024-38959 (Cross Site Scripting vulnerability in 
Creativeitem Academy LMS L
        NOT-FOR-US: Creativeitem Academy LMS Learning Management System
 CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 
before 5.0 ...)
        - python-django 3:4.2.14-1 (bug #1076069)
+       [bookworm] - python-django <no-dsa> (Minor issue; intrusive to backport)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
        NOTE: 
https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5
 (4.2.14)
 CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, 
contains an  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07196966b7c78e3f182827360a42e2a419f8f7fd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07196966b7c78e3f182827360a42e2a419f8f7fd
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits