[ubuntu/plucky-security] python-django 3:4.2.18-1ubuntu1.5 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Wed Oct 1 16:12:04 UTC 2025
python-django (3:4.2.18-1ubuntu1.5) plucky-security; urgency=medium
* SECURITY UPDATE: Potential SQL injection
- debian/patches/CVE-2025-59681.patch: protect against SQL injection in
django/db/models/sql/query.py, tests/aggregation/tests.py,
tests/annotations/tests.py,
tests/expressions/test_queryset_values.py, tests/queries/tests.py.
- CVE-2025-59681
* SECURITY UPDATE: Potential partial directory-traversal
- debian/patches/CVE-2025-59682.patch: validate path in
django/utils/archive.py, tests/utils_tests/test_archive.py.
- CVE-2025-59682
Date: 2025-09-24 17:17:13.598154+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list