Bug 33507 - python-django new security issues CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-4523[01] and CVE-2024-5390[78]
Summary: python-django new security issues CVE-2024-41989, CVE-2024-41990, CVE-2024-41...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Python Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Duplicates: 33543
Depends on: 33919
Blocks: 33387
Reported: 2024-09-02 11:37 CEST by Nicolas Salguero
Modified: 2025-02-10 11:54 CET

See Also:
Source RPM: python-django-4.1.13-1.1.mga9.src.rpm
CVE: CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231, CVE-2024-53907, CVE-2024-53908
Status comment: Fixed upstream in 5.0.10


Description Nicolas Salguero 2024-09-02 11:37:45 CEST
Those problems were announced here:
https://openwall.com/lists/oss-security/2024/08/06/2
Nicolas Salguero 2024-09-02 11:38:18 CEST

CVE: (none) => CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005
Source RPM: (none) => python-django-4.1.13-1.1.mga9.src.rpm

Comment 1 Marja Van Waes 2024-09-04 08:43:14 CEST
Assigning to the Python Stack maintainers.

CC: (none) => marja11
Assignee: bugsquad => python

Comment 2 Nicolas Salguero 2024-09-05 16:01:31 CEST
Those problems were announced here:
https://www.openwall.com/lists/oss-security/2024/09/03/3

CVE: CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005 => CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231
Summary: python-django new security issues CVE-2024-41989, CVE-2024-41990, CVE-2024-41991 and CVE-2024-42005 => python-django new security issues CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005 and CVE-2024-4523[01]
Version: 9 => Cauldron
Status comment: (none) => Fixed upstream in 5.0.9
Whiteboard: (none) => MGA9TOO

Comment 3 Nicolas Salguero 2024-09-08 09:56:13 CEST
*** Bug 33543 has been marked as a duplicate of this bug. ***

Comment 4 Nicolas Salguero 2024-12-06 08:49:31 CET
CVE-2024-53907 and CVE-2024-53908 were announced here:
https://openwall.com/lists/oss-security/2024/12/04/3

Status comment: Fixed upstream in 5.0.9 => Fixed upstream in 5.0.10
Summary: python-django new security issues CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005 and CVE-2024-4523[01] => python-django new security issues CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-4523[01] and CVE-2024-5390[78]
Blocks: (none) => 33387
CVE: CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231 => CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231, CVE-2024-53907, CVE-2024-53908
Source RPM: python-django-4.1.13-1.1.mga9.src.rpm => python-django-5.0.8-1.mga10.src.rpm, python-django-4.1.13-1.1.mga9.src.rpm

Comment 5 papoteur 2024-12-19 10:58:01 CET
Fixed in Cauldron: python-django-5.1.4-1.mga10

Whiteboard: MGA9TOO => (none)
CC: (none) => yvesbrungard
Version: Cauldron => 9

Nicolas Salguero 2025-01-15 09:42:03 CET

Source RPM: python-django-5.0.8-1.mga10.src.rpm, python-django-4.1.13-1.1.mga9.src.rpm => python-django-4.1.13-1.1.mga9.src.rpm

Nicolas Salguero 2025-02-03 10:29:45 CET

Depends on: (none) => 33919

Comment 6 Nicolas Salguero 2025-02-10 11:54:25 CET
Fixed in bug 33919.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

