--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-c2639662af
2020-06-19 01:01:42.924283
--------------------------------------------------------------------------------

Name        : python-django
Product     : Fedora 32
Version     : 3.0.7
Release     : 1.fc32
URL         : https://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much as
possible and adhering to the DRY (Don't Repeat Yourself) principle.

--------------------------------------------------------------------------------
Update Information:

- Security fix for CVE-2020-7471.
- Security fix for CVE-2020-9402.
- Security fix for CVE-2020-13254.
- Security fix for CVE-2020-13596.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun  7 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0.7-1
- Update to 3.0.7
- Security fix for CVE-2020-7471 (rhbz#1798516)
- Security fix for CVE-2020-9402 (rhbz#1810093)
- Security fix for CVE-2020-13254 (rhbz#1843617)
- Security fix for CVE-2020-13596 (rhbz#1843627)
* Mon May 25 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0.2-3
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1798515 - CVE-2020-7471 django: potential SQL injection via StringAgg(delimiter)
        https://bugzilla.redhat.com/show_bug.cgi?id=1798515
  [ 2 ] Bug #1810088 - CVE-2020-9402 django: potential SQL injection via "tolerance" parameter in GIS functions and aggregates on Oracle
        https://bugzilla.redhat.com/show_bug.cgi?id=1810088
  [ 3 ] Bug #1843614 - CVE-2020-13254 django: potential data leakage via malformed memcached keys
        https://bugzilla.redhat.com/show_bug.cgi?id=1843614
  [ 4 ] Bug #1843625 - CVE-2020-13596 django: possible XSS via admin ForeignKeyRawIdWidget
        https://bugzilla.redhat.com/show_bug.cgi?id=1843625
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-c2639662af' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------