| Summary: | python-django new security issues CVE-2022-41323 and CVE-2023-23969 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs, yvesbrungard |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | python-django-4.1.1-1.mga9.src.rpm, python-django-3.2.15-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2022-10-06 13:38:51 CEST
David Walser
2022-10-06 13:39:06 CEST
Whiteboard: (none) => MGA8TOO

Ubuntu has issued an advisory for this on October 4:
https://ubuntu.com/security/notices/USN-5653-1

Upstream has issued an advisory today (February 1):
https://www.djangoproject.com/weblog/2023/feb/01/security-releases/

The issue is fixed upstream in 3.2.17 and 4.1.6.

Mageia 8 is also affected.

Status comment: Fixed upstream in 3.2.16 and 4.1.2 => Fixed upstream in 3.2.17 and 4.1.6

4.1.6 just submitted to cauldron

CC: (none) => yves.brungard_mageia

python3-django-3.2.17-1.mga8

Source: python-django-3.2.17-1.mga8.src.rpm

Assignee: python => qa-bugs

(In reply to David Walser from comment #2)
> Upstream has issued an advisory today (February 1):
> https://www.djangoproject.com/weblog/2023/feb/01/security-releases/
>
> The issue is fixed upstream in 3.2.17 and 4.1.6.
>
> Mageia 8 is also affected.

Ubuntu has issued an advisory for this today (February 1):
https://ubuntu.com/security/notices/USN-5837-1

MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Followed procedure from bug 29737:

```
$ django-admin startproject mysite
/usr/bin/django-admin:17: RemovedInDjango40Warning: django-admin.py is deprecated in favor of django-admin.
  warnings.warn(
$ ls mysite
manage.py*  mysite/
$ cd mysite/
$ python manage.py migrate
Operations to perform:
  Apply all migrations: admin, auth, contenttypes, sessions
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying auth.0001_initial... OK
and some more of these ......
$ ls
db.sqlite3  manage.py*  mysite/
$ python manage.py runserver
Watching for file changes with StatReloader
Performing system checks...

System check identified no issues (0 silenced).
February 02, 2023 - 09:34:48
Django version 3.2.17, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
```

Point the browser at http://localhost:8000/ and get "The install worked successfully! Congratulations!"

Then on another tab in Konsole:

```
$ python manage.py startapp polls
$ ls polls
admin.py  apps.py  __init__.py  migrations/  models.py  tests.py  views.py
```

This all looks OK.

CC: (none) => herman.viaene

Validating.

Keywords: (none) => validated_update

Dave Hodgins
2023-02-06 21:11:54 CET
CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0026.html

Resolution: (none) => FIXED