A djangorestframework security update has been released for Debian GNU/Linux 9 Extended LTS to address two cross-site scripting vulnerabilities.
ELA-716-1 djangorestframework security update
Package djangorestframework
ELA-716-1 djangorestframework security update
Version 3.4.0-2+deb9u1 (stretch)
Related CVEs CVE-2018-25045 CVE-2020-25626
Two cross-site scripting vulnerabilities were discovered in the Django Rest Framework, a toolkit to build web APIs.
For Debian 9 stretch, these problems have been fixed in version 3.4.0-2+deb9u1.
We recommend that you upgrade your djangorestframework packages.
Further information about Extended LTS security advisories can be found at: debian Extended Long term support
