33387 – python-django new security issues CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614

Bug 33387 - python-django new security issues CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614

Summary: python-django new security issues CVE-2024-38875, CVE-2024-39329, CVE-2024-39...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Python Stack Maintainers
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:	33507 33919
Blocks:
	Show dependency tree / graph

Reported:	2024-07-10 09:46 CEST by Nicolas Salguero
Modified:	2025-02-10 11:54 CET (History)
CC List:	0 users

See Also:
Source RPM:	python-django-4.1.13-1.1.mga9.src.rpm
CVE:	CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Status comment:	Fixed upstream in 5.0.7 and patches available from upstream

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-07-10 09:46:07 CEST

Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/07/09/3
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/

Nicolas Salguero 2024-07-10 09:47:22 CEST

Source RPM: (none) => python-django-5.0.6-1.mga10.src.rpm, python-django-4.1.13-1.1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Status comment: (none) => Fixed upstream in 5.0.7 and patches available from upstream

Comment 1 Lewis Smith 2024-07-10 20:21:29 CEST

The Openwall URL has links to patches for each CVE and each module version:
 main
 5.1
 5.0
 4.2
and two available release:
 * Django 5.0.7 (`download Django 5.0.7
 * Django 4.2.14 (`download Django 4.2.14
Perhaps the latter will do for Mageia 9.

Assignee: bugsquad => python

Nicolas Salguero 2024-12-06 08:49:31 CET

Depends on: (none) => 33507

Nicolas Salguero 2024-12-06 08:49:55 CET

Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Source RPM: python-django-5.0.6-1.mga10.src.rpm, python-django-4.1.13-1.1.mga9.src.rpm => python-django-4.1.13-1.1.mga9.src.rpm

Nicolas Salguero 2025-02-03 10:29:45 CET

Depends on: (none) => 33919

Comment 2 Nicolas Salguero 2025-02-10 11:54:36 CET

Fixed in bug 33919.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.