summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris Lamb <lamby@debian.org>2021-12-07 14:55:11 -0800
committerChris Lamb <lamby@debian.org>2021-12-07 14:55:11 -0800
commitf6814ff139feec0ef1ec80536327884449725673 (patch)
tree2e45fb68f35c4cefe38dc9c45ed76e04632181c8
parent27d0cbb366a0883f9cbd0019ca4434eff2091691 (diff)
Triage CVE-2021-44420 in python-django for stretch LTS.
-rw-r--r--data/CVE/2021.list1
-rw-r--r--data/dla-needed.txt2
2 files changed, 1 insertions, 2 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 38e049390f..d9492fb555 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -688,6 +688,7 @@ CVE-2021-44420 [Potential bypass of an upstream access control based on URL path
- python-django 2:3.2.10-1
[bullseye] - python-django <no-dsa> (Minor issue)
[buster] - python-django <no-dsa> (Minor issue)
+ [stretch] - python-django <not-affected> (Vulnerable code not present; path converters added later)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1
NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10)
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 06c7a4cd7c..cbca4b18b2 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -68,8 +68,6 @@ nvidia-graphics-drivers (Markus Koschany)
pgbouncer (Thorsten Alteholz)
NOTE: 20211128: also help with other releases
--
-python-django (Chris Lamb)
---
rustc (Roberto C. Sánchez)
NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable
NOTE: https://bugs.debian.org/928422

© 2014-2022 Faster IT GmbH | imprint | privacy policy