Bug 33387

Summary:	python-django new security issues CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Product:	Mageia	Reporter:	Nicolas Salguero <nicolas.salguero>
Component:	Security	Assignee:	Python Stack Maintainers <python>
Status:	NEW ---	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal
Version:	Cauldron
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA9TOO
Source RPM:	python-django-5.0.6-1.mga10.src.rpm, python-django-4.1.13-1.1.mga9.src.rpm	CVE:	CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Status comment:	Fixed upstream in 5.0.7 and patches available from upstream

Description Nicolas Salguero 2024-07-10 09:46:07 CEST

Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/07/09/3
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/

Nicolas Salguero 2024-07-10 09:47:22 CEST

Status comment: (none) => Fixed upstream in 5.0.7 and patches available from upstream
CVE: (none) => CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => python-django-5.0.6-1.mga10.src.rpm, python-django-4.1.13-1.1.mga9.src.rpm

Comment 1 Lewis Smith 2024-07-10 20:21:29 CEST

The Openwall URL has links to patches for each CVE and each module version:
 main
 5.1
 5.0
 4.2
and two available release:
 * Django 5.0.7 (`download Django 5.0.7
 * Django 4.2.14 (`download Django 4.2.14
Perhaps the latter will do for Mageia 9.

Assignee: bugsquad => python