Upstream has issued an advisory on October 4: https://www.djangoproject.com/weblog/2022/oct/04/security-releases/ The issue is fixed upstream in 3.2.16 and 4.1.2. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 3.2.16 and 4.1.2
Ubuntu has issued an advisory for this on October 4: https://ubuntu.com/security/notices/USN-5653-1
Upstream has issued an advisory today (February 1): https://www.djangoproject.com/weblog/2023/feb/01/security-releases/ The issue is fixed upstream in 3.2.17 and 4.1.6. Mageia 8 is also affected.
Status comment: Fixed upstream in 3.2.16 and 4.1.2 => Fixed upstream in 3.2.17 and 4.1.6Summary: python-django new security issue CVE-2022-41323 => python-django new security issues CVE-2022-41323 and CVE-2023-23969
4.1.6 just submitted to cauldron
CC: (none) => yves.brungard_mageiaWhiteboard: MGA8TOO => (none)Version: Cauldron => 8Status comment: Fixed upstream in 3.2.17 and 4.1.6 => Fixed upstream in 3.2.17
python3-django-3.2.17-1.mga8 Source: python-django-3.2.17-1.mga8.src.rpm
Assignee: python => qa-bugsStatus comment: Fixed upstream in 3.2.17 => (none)
(In reply to David Walser from comment #2) > Upstream has issued an advisory today (February 1): > https://www.djangoproject.com/weblog/2023/feb/01/security-releases/ > > The issue is fixed upstream in 3.2.17 and 4.1.6. > > Mageia 8 is also affected. Ubuntu has issued an advisory for this today (February 1): https://ubuntu.com/security/notices/USN-5837-1
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Followed procedure from bug 29737: $ django-admin startproject mysite /usr/bin/django-admin:17: RemovedInDjango40Warning: django-admin.py is deprecated in favor of django-admin. warnings.warn( $ ls mysite manage.py* mysite/ $ cd mysite/ $ python manage.py migrate Operations to perform: Apply all migrations: admin, auth, contenttypes, sessions Running migrations: Applying contenttypes.0001_initial... OK Applying auth.0001_initial... OK and some more of these ...... $ ls db.sqlite3 manage.py* mysite/ $ python manage.py runserver Watching for file changes with StatReloader Performing system checks... System check identified no issues (0 silenced). February 02, 2023 - 09:34:48 Django version 3.2.17, using settings 'mysite.settings' Starting development server at http://127.0.0.1:8000/ Quit the server with CONTROL-C. Point the browser at http://localhost:8000/ and get "The install worked successfully! Congratulations!" Then on another tab in Konsole: $ python manage.py startapp polls $ ls polls admin.py apps.py __init__.py migrations/ models.py tests.py views.py This all looks OK.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0026.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED