Reference: https://www.openwall.com/lists/oss-security/2025/12/02/3
Assignee: bugsquad => nicolas.salguero
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => python-django-5.2.8-1.mga10.src.rpm, python-django-4.1.13-1.8.mga9.src.rpm
Status comment: (none) => Fixed upstream in 5.2.9 and patches available from upstream
CVE: (none) => CVE-2025-13372, CVE-2025-64460
Suggested advisory:
========================

The updated package fixes security vulnerabilities:

Potential SQL injection in FilteredRelation column aliases on PostgreSQL. (CVE-2025-13372)

Potential denial-of-service vulnerability in XML serializer text extraction. (CVE-2025-64460)

References:
https://www.openwall.com/lists/oss-security/2025/12/02/3
========================

Updated package in core/updates_testing:
========================
python3-django-4.1.13-1.9.mga9

from SRPM:
python-django-4.1.13-1.9.mga9.src.rpm
Source RPM: python-django-5.2.8-1.mga10.src.rpm, python-django-4.1.13-1.8.mga9.src.rpm => python-django-4.1.13-1.8.mga9.src.rpm
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Status comment: Fixed upstream in 5.2.9 and patches available from upstream => (none)
RH x86_64

installing python3-django-4.1.13-1.9.mga9.noarch.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ###################################################################################################
1/1: python3-django ###################################################################################################
1/1: removing python3-django-4.1.13-1.8.mga9.noarch ###################################################################################################

As regular user
Ref bug 34612

django-admin startproject mysite
tree mysite
mysite
├── manage.py
└── mysite
    ├── asgi.py
    ├── __init__.py
    ├── settings.py
    ├── urls.py
    └── wsgi.py

2 directories, 6 files

cd mysite
python manage.py migrate
Operations to perform:
  Apply all migrations: admin, auth, contenttypes, sessions
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying auth.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying admin.0003_logentry_add_action_flag_choices... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying auth.0009_alter_user_last_name_max_length... OK
  Applying auth.0010_alter_group_name_max_length... OK
  Applying auth.0011_update_proxy_permissions... OK
  Applying auth.0012_alter_user_first_name_max_length... OK
  Applying sessions.0001_initial... OK

python manage.py runserver
Watching for file changes with StatReloader
Performing system checks...

System check identified no issues (0 silenced).
December 03, 2025 - 20:13:57
Django version 4.1.13, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.

Open http://127.0.0.1:8000/
[03/Dec/2025 20:14:19] "GET / HTTP/1.1" 200 10681
[03/Dec/2025 20:14:19] "GET /static/admin/css/fonts.css HTTP/1.1" 200 423
Not Found: /favicon.ico
[03/Dec/2025 20:14:19] "GET /favicon.ico HTTP/1.1" 404 2110

The rocket and all the info is displayed
Looks good
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => advisory
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0320.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED