[ubuntu/plucky-security] python-django 3:4.2.18-1ubuntu1.7 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Tue Dec 2 14:57:40 UTC 2025
python-django (3:4.2.18-1ubuntu1.7) plucky-security; urgency=medium
* SECURITY UPDATE: SQL injection in FilteredRelation column aliases on
PostgreSQL
- debian/patches/CVE-2025-13372.patch: protect FilteredRelation against
SQL injection in column aliases in
django/db/backends/postgresql/compiler.py,
django/db/backends/postgresql/operations.py,
tests/annotations/tests.py.
- CVE-2025-13372
* SECURITY UPDATE: DoS vulnerability in XML serializer text extraction
- debian/patches/CVE-2025-64460.patch: corrected quadratic inner text
accumulation in XML serializer in
django/core/serializers/xml_serializer.py,
docs/topics/serialization.txt,
tests/serializers/test_xml.py.
- CVE-2025-64460
Date: 2025-11-26 17:15:12.439137+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1ubuntu1.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list