altlinux
https://packages.altlinux.org/en/sisyphus/security/72075A51A1F999B8F306832A4F69085F
History: Jul 13, 2021 - 12:00 a.m.

Security fix for the ALT Linux 9 package python3-module-django version 2.2.24-alt1


CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

July 13, 2021 Alexey Shabalin 2.2.24-alt1

- new version 2.2.24
- Fixes for the following security vulnerabilities:
  + CVE-2021-28658 Potential directory-traversal via uploaded files
  + CVE-2021-31542 Potential directory-traversal via uploaded files
  + CVE-2021-32052 Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+
  + CVE-2021-33203 Potential directory traversal via admindocs
  + CVE-2021-33571 Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses
