diff options
| author | Chris Lamb <lamby@debian.org> | 2021-12-07 14:55:11 -0800 |
|---|---|---|
| committer | Chris Lamb <lamby@debian.org> | 2021-12-07 14:55:11 -0800 |
| commit | f6814ff139feec0ef1ec80536327884449725673 (patch) | |
| tree | 2e45fb68f35c4cefe38dc9c45ed76e04632181c8 | |
| parent | 27d0cbb366a0883f9cbd0019ca4434eff2091691 (diff) | |
Triage CVE-2021-44420 in python-django for stretch LTS.
| -rw-r--r-- | data/CVE/2021.list | 1 | ||||
| -rw-r--r-- | data/dla-needed.txt | 2 |
2 files changed, 1 insertions, 2 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 38e049390f..d9492fb555 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -688,6 +688,7 @@ CVE-2021-44420 [Potential bypass of an upstream access control based on URL path - python-django 2:3.2.10-1 [bullseye] - python-django <no-dsa> (Minor issue) [buster] - python-django <no-dsa> (Minor issue) + [stretch] - python-django <not-affected> (Vulnerable code not present; path converters added later) NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1 NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/ NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10) diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 06c7a4cd7c..cbca4b18b2 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -68,8 +68,6 @@ nvidia-graphics-drivers (Markus Koschany) pgbouncer (Thorsten Alteholz) NOTE: 20211128: also help with other releases -- -python-django (Chris Lamb) --- rustc (Roberto C. Sánchez) NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable NOTE: https://bugs.debian.org/928422 |