Bug 29737 - python-django new security issue CVE-2021-44420
Summary: python-django new security issue CVE-2021-44420
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-12-07 22:49 CET by David Walser
Modified: 2021-12-10 23:20 CET (History)
5 users (show)

See Also:
Source RPM: python-django-3.2.9-1.mga9.src.rpm, python-django-3.1.13-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-12-07 22:49:52 CET 
Upstream has issued an advisory today (December 7):
https://www.djangoproject.com/weblog/2021/dec/07/security-releases/

The issue is fixed upstream in 3.1.14 and 3.2.10.

Mageia 8 is also affected.

Ubuntu has issued an advisory for this today:
https://ubuntu.com/security/notices/USN-5178-1
David Walser 2021-12-07 22:52:14 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 3.1.14 and 3.2.10

Comment 1 Nicolas Lécureuil 2021-12-08 00:19:33 CET 
Fixed in mga8/9:

src:
    - python-django-3.1.14-1.mga8

Status comment: Fixed upstream in 3.1.14 and 3.2.10 => (none)
CC: (none) => mageia
Assignee: python => qa-bugs
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 2 David Walser 2021-12-08 00:24:54 CET 
RPM:
python3-django-3.1.14-1.mga8
Comment 3 Herman Viaene 2021-12-09 14:46:14 CET 
MGA8-64 Plasma on Lenovo B50
No istallation issues
Followed Len's testing from bug 28802 Comment 11 with a littl snag.
$ django-admin startproject mysite
$ ls mysite
manage.py*  mysite/
$ python manage.py migrate
python: can't open file 'manage.py': [Errno 2] No such file or directory
$ cd mysite/
$ python manage.py migrate
Operations to perform:
  Apply all migrations: admin, auth, contenttypes, sessions
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying auth.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying admin.0003_logentry_add_action_flag_choices... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying auth.0009_alter_user_last_name_max_length... OK
  Applying auth.0010_alter_group_name_max_length... OK
  Applying auth.0011_update_proxy_permissions... OK
  Applying auth.0012_alter_user_first_name_max_length... OK
  Applying sessions.0001_initial... OK
$ ls
db.sqlite3  manage.py*  mysite/
$  python manage.py runserver
Watching for file changes with StatReloader
Performing system checks...

System check identified no issues (0 silenced).
December 09, 2021 - 13:36:19
Django version 3.1.14, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8000/

Checked localhost:8000/
"The install worked successfully! Congratulations!"
plus an animation of a rocketship launching.  Links to documentation, the community , I didn't check the Polling tutorial
Then on another tab in Konsole:
$ python manage.py startapp polls
[tester8@mach5 mysite]$ ls polls
admin.py  apps.py  __init__.py  migrations/  models.py  tests.py  views.py

Seems all OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2021-12-09 19:33:05 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-12-10 21:50:32 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2021-12-10 23:20:28 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0552.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.