Lucene search

DebianDEBIAN:DLA-2233-2:6FDB2

HistoryJun 12, 2020 - 10:37 a.m.

[SECURITY] [DLA 2233-2] python-django regression update

2020-06-1210:37:27

lists.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.004

Percentile

73.9%

JSON

Package : python-django
Version : 1.7.11-1+deb8u10
CVE ID : CVE-2020-13254

It was discovered that there was a regression in the latest update to
Django, the Python web development framework. The upstream fix for
CVE-2020-13254 to address data leakages via malformed memcached keys
could, in some situations, cause a traceback.

Please see <https://code.djangoproject.com/ticket/31654> for more
information.

For Debian 8 "Jessie", this issue has been fixed in python-django version
1.7.11-1+deb8u10.

We recommend that you upgrade your python-django packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8allpython-django-common< 1.7.11-1+deb8u9python-django-common_1.7.11-1+deb8u9_all.deb
Debian8allpython-django-doc< 1.7.11-1+deb8u9python-django-doc_1.7.11-1+deb8u9_all.deb
Debian8allpython3-django< 1.7.11-1+deb8u10python3-django_1.7.11-1+deb8u10_all.deb
Debian9allpython-django-common< 1:1.10.7-2+deb9u9python-django-common_1:1.10.7-2+deb9u9_all.deb
Debian8allpython-django< 1.7.11-1+deb8u10python-django_1.7.11-1+deb8u10_all.deb
Debian10allpython-django-common< 1:1.11.29-1~deb10u1python-django-common_1:1.11.29-1~deb10u1_all.deb
Debian10allpython-django< 1:1.11.29-1~deb10u1python-django_1:1.11.29-1~deb10u1_all.deb
Debian10allpython-django-doc< 1:1.11.29-1~deb10u1python-django-doc_1:1.11.29-1~deb10u1_all.deb
Debian9allpython3-django< 1:1.10.7-2+deb9u9python3-django_1:1.10.7-2+deb9u9_all.deb
Debian8allpython-django< 1.7.11-1+deb8u9python-django_1.7.11-1+deb8u9_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	python-django-common	< 1.7.11-1+deb8u9	python-django-common_1.7.11-1+deb8u9_all.deb
Debian	8	all	python-django-doc	< 1.7.11-1+deb8u9	python-django-doc_1.7.11-1+deb8u9_all.deb
Debian	8	all	python3-django	< 1.7.11-1+deb8u10	python3-django_1.7.11-1+deb8u10_all.deb
Debian	9	all	python-django-common	< 1:1.10.7-2+deb9u9	python-django-common_1:1.10.7-2+deb9u9_all.deb
Debian	8	all	python-django	< 1.7.11-1+deb8u10	python-django_1.7.11-1+deb8u10_all.deb
Debian	10	all	python-django-common	< 1:1.11.29-1~deb10u1	python-django-common_1:1.11.29-1~deb10u1_all.deb
Debian	10	all	python-django	< 1:1.11.29-1~deb10u1	python-django_1:1.11.29-1~deb10u1_all.deb
Debian	10	all	python-django-doc	< 1:1.11.29-1~deb10u1	python-django-doc_1:1.11.29-1~deb10u1_all.deb
Debian	9	all	python3-django	< 1:1.10.7-2+deb9u9	python3-django_1:1.10.7-2+deb9u9_all.deb
Debian	8	all	python-django	< 1.7.11-1+deb8u9	python-django_1.7.11-1+deb8u9_all.deb