--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-c2639662af
2020-06-19 01:01:42.924283
--------------------------------------------------------------------------------
Name : python-django
Product : Fedora 32
Version : 3.0.7
Release : 1.fc32
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
--------------------------------------------------------------------------------
Update Information:
- Security fix for CVE-2020-7471.
- Security fix for CVE-2020-9402.
- Security fix for CVE-2020-13254.
- Security fix for CVE-2020-13596.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 7 2020 Miro Hrončok <mhroncok(a)redhat.com> - 3.0.7-1
- Update to 3.0.7
- Security fix for CVE-2020-7471 (rhbz#1798516)
- Security fix for CVE-2020-9402 (rhbz#1810093)
- Security fix for CVE-2020-13254 (rhbz#1843617)
- Security fix for CVE-2020-13596 (rhbz#1843627)
* Mon May 25 2020 Miro Hrončok <mhroncok(a)redhat.com> - 3.0.2-3
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1798515 - CVE-2020-7471 django: potential SQL injection via
StringAgg(delimiter)
https://bugzilla.redhat.com/show_bug.cgi?id=1798515
[ 2 ] Bug #1810088 - CVE-2020-9402 django: potential SQL injection via
"tolerance" parameter in GIS functions and aggregates on Oracle
https://bugzilla.redhat.com/show_bug.cgi?id=1810088
[ 3 ] Bug #1843614 - CVE-2020-13254 django: potential data leakage via malformed
memcached keys
https://bugzilla.redhat.com/show_bug.cgi?id=1843614
[ 4 ] Bug #1843625 - CVE-2020-13596 django: possible XSS via admin
ForeignKeyRawIdWidget
https://bugzilla.redhat.com/show_bug.cgi?id=1843625
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-c2639662af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------