Upstream has issued an advisory today (April 11): https://www.djangoproject.com/weblog/2022/apr/11/security-releases/ The issues are fixed upstream in 3.2.13. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 3.2.13Whiteboard: (none) => MGA8TOO
Ubuntu has issued an advisory for this today (April 11): https://ubuntu.com/security/notices/USN-5373-1
Updated package uploaded for Mageia 8 and Cauldron by papoteur: python3-django-3.2.13-1.mga8 from python-django-3.2.13-1.mga8.src.rpm
CC: (none) => yves.brungard_mageiaStatus comment: Fixed upstream in 3.2.13 => (none)Assignee: python => qa-bugsVersion: Cauldron => 8Whiteboard: MGA8TOO => (none)
mga8, x86_64 Checked the core version for later comparison by creating a project as in bug 28802. Successful installion of mysite. Removed the whole project tree and ran the update. $ django-admin startproject mysite $ ls mysite manage.py* mysite/ $ cd mysite $ python manage.py migrate Operations to perform: Apply all migrations: admin, auth, contenttypes, sessions Running migrations: Applying contenttypes.0001_initial... OK Applying auth.0001_initial... OK [...] Applying auth.0012_alter_user_first_name_max_length... OK Applying sessions.0001_initial... OK $ tree . ├── db.sqlite3 ├── manage.py └── mysite ├── asgi.py ├── __init__.py ├── __pycache__ │ ├── __init__.cpython-38.pyc │ ├── settings.cpython-38.pyc │ └── urls.cpython-38.pyc ├── settings.py ├── urls.py └── wsgi.py $ python manage.py runserver Watching for file changes with StatReloader Performing system checks... System check identified no issues (0 silenced). May 16, 2022 - 10:37:24 Django version 3.2.13, using settings 'mysite.settings' Starting development server at http://127.0.0.1:8000/ Quit the server with CONTROL-C. In a browser a success message was posted at localhost:8000/ with the image of a rocketship launching. It provided usefule links to release notes and documentation. No regressions - good enough.
CC: (none) => tarazed25Whiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0190.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED