Package: python-django
Version: 1.7.11-1+deb8u11
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-django.

CVE-2021-28658[0][1]: MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

This affects all versions in Debian, including 1.7.11-1+deb8u11 in jessie ELTS.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-28658
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28658
[1] https://www.djangoproject.com/weblog/2021/apr/06/security-releases/

Regards,

-- 
Chris Lamb
la...@debian.org / chris-lamb.co.uk
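
Added example, not part of the original report and not Django's code: a check that upload-handling code could apply before using a client-supplied file name as a path, assuming uploads are written into a single directory. `safe_upload_path`, `sanitize_upload_name` and `UnsafeFileName` are hypothetical names, and the sample file names are constructed.

```python
import tempfile
from pathlib import Path


class UnsafeFileName(ValueError):
    """Raised when a client-supplied upload name cannot be used safely."""


def sanitize_upload_name(client_name: str) -> str:
    """Reduce a client-supplied file name to a bare base name."""
    # Drop NUL and other control characters before any comparison.
    name = "".join(ch for ch in client_name if ch.isprintable())
    # Treat both separators as path separators regardless of the host OS,
    # then keep only the last component.
    name = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    # An empty name or a dot entry would refer to a directory, not a file.
    if name in ("", ".", ".."):
        raise UnsafeFileName(repr(client_name))
    return name


def safe_upload_path(upload_dir: str, client_name: str) -> Path:
    """Return a destination inside upload_dir, or raise UnsafeFileName."""
    root = Path(upload_dir).resolve()
    dest = (root / sanitize_upload_name(client_name)).resolve()
    # Containment check after resolution: also catches a symlink inside
    # the upload directory that points somewhere else.
    if root not in dest.parents:
        raise UnsafeFileName(repr(client_name))
    return dest


if __name__ == "__main__":
    upload_root = tempfile.mkdtemp()  # stand-in for the real upload directory
    # Constructed sample names, not taken from the report.
    for sample in ("report.pdf", "../../etc/passwd", "..\\..\\boot.ini", ".."):
        try:
            print(repr(sample), "->", safe_upload_path(upload_root, sample))
        except UnsafeFileName as exc:
            print(repr(sample), "rejected:", exc)
```
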