33387 – python-django new security issues CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614

Bug 33387 - python-django new security issues CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614

Summary: python-django new security issues CVE-2024-38875, CVE-2024-39329, CVE-2024-39...

Status:	NEW

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Python Stack Maintainers
QA Contact:	Sec team

URL:
Whiteboard:	MGA9TOO
Keywords:

Depends on:
Blocks:

Reported:	2024-07-10 09:46 CEST by Nicolas Salguero
Modified:	2024-07-10 20:21 CEST (History)
CC List:	0 users

See Also:
Source RPM:	python-django-5.0.6-1.mga10.src.rpm, python-django-4.1.13-1.1.mga9.src.rpm
CVE:	CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Status comment:	Fixed upstream in 5.0.7 and patches available from upstream

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-07-10 09:46:07 CEST

Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/07/09/3
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/

Nicolas Salguero 2024-07-10 09:47:22 CEST

Status comment: (none) => Fixed upstream in 5.0.7 and patches available from upstream
CVE: (none) => CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => python-django-5.0.6-1.mga10.src.rpm, python-django-4.1.13-1.1.mga9.src.rpm

Comment 1 Lewis Smith 2024-07-10 20:21:29 CEST

The Openwall URL has links to patches for each CVE and each module version:
 main
 5.1
 5.0
 4.2
and two available release:
 * Django 5.0.7 (`download Django 5.0.7
 * Django 4.2.14 (`download Django 4.2.14
Perhaps the latter will do for Mageia 9.

Assignee: bugsquad => python

Note You need to log in before you can comment on or make changes to this bug.