29603 – python-django-filter new security issue CVE-2020-15225

Bug 29603 - python-django-filter new security issue CVE-2020-15225

Summary: python-django-filter new security issue CVE-2020-15225

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-10-28 20:48 CEST by David Walser
Modified:	2021-11-18 22:52 CET (History)
CC List:	7 users (show)

See Also:
Source RPM:	python-django-filter-2.3.0-2.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-10-28 20:48:56 CEST

Fedora has issued an advisory on October 27:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DPHENTRHRAYFXYPPBT7JRHZRWILRY44S/

The issue is fixed upstream in 21.1.

Mageia 8 is also affected.

David Walser 2021-10-28 20:49:11 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 21.1

Comment 1 Marja Van Waes 2021-10-29 11:42:02 CEST

Assigning to the python stack maintainers, CC'ing the registered maintainer.

Assignee: bugsquad => python
CC: (none) => makowski.mageia, marja11

Comment 2 Nicolas Lécureuil 2021-11-08 21:33:51 CET

Fixed in mga8/9

src:
    - python-django-filter-2.4.0-1.mga8

Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 21.1 => (none)
CC: (none) => mageia
Assignee: python => qa-bugs

David Walser 2021-11-08 22:07:53 CET

Version: Cauldron => 8

Comment 3 Herman Viaene 2021-11-12 15:58:09 CET

What is the rpm's name??? I cann't find anything like that in the current repo??

CC: (none) => herman.viaene

Comment 4 David Walser 2021-11-12 16:41:18 CET

python3-django-filter-2.4.0-1.mga8.noarch.rpm

Comment 5 Herman Viaene 2021-11-13 10:23:38 CET

MGA8-64 Plasma on Lenovo B50
No iinstallation issues.
Reading the README.1st file, this is developer's area, so OK on clean install.

Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2021-11-13 16:33:25 CET

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-11-18 19:07:51 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2021-11-18 22:52:23 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0511.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.