Univention Bugzilla – Bug 53057
python-django: Multiple issues (4.4)
Last modified: 2021-04-14 12:06:21 CEST
New Debian python-django 1:1.10.7-2+deb9u12 fixes:
This update addresses the following issue:
* potential directory-traversal via uploaded files (CVE-2021-28658)
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/python-django_1.10.7-2+deb9u11.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/python-django_1.10.7-2+deb9u12.dsc @@ -1,3 +1,9 @@ +1:1.10.7-2+deb9u12 [Fri, 09 Apr 2021 12:28:23 +0100] Chris Lamb <lamby@debian.org>: + + * CVE-2021-28658: Prevent a directory traversal issue which could have been + exploited by maliciously crafted filenames. However, the built-in upload + handlers were not affected by this vulnerability. (Closes: #986447) + 1:1.10.7-2+deb9u11 [Fri, 19 Feb 2021 12:21:16 +0000] Chris Lamb <lamby@debian.org>: * Apply security fix from upstream: <http://piuparts.knut.univention.de/4.4-7/#203156406379701614>
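Review bot: the added 1:1.10.7-2+deb9u12 changelog entry says only that "the built-in upload handlers were not affected" and never states which code paths are affected or which patch was applied. A reader of this entry cannot tell whether a deployment is exposed or confirm that the fix is present in the package. Suggest naming the affected component and the patch or upstream commit alongside the existing "(Closes: #986447)" pointer. The diff shown here covers only the .dsc changelog summary, so the code change itself still needs to be checked in the source package before the erratum is announced.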
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 7199b527a3 Bug #53057: python-django 1:1.10.7-2+deb9u12
 doc/errata/staging/python-django.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-7] 0e4aa8b3ce Bug #53057: python-django 1:1.10.7-2+deb9u12
 doc/errata/staging/python-django.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x950>