ELA-1165-1 systemd security update
Package : systemd
Version : 232-25+deb9u17 (stretch), 241-7~deb10u11 (buster)
Related CVEs :
CVE-2023-7008
CVE-2023-50387
CVE-2023-50868
Multiple vulnerabilities have been fixed in systemd, the default init system in Debian, when using systemd-resolved with DNSSEC.
ELA-1164-1 python-django security update
Package : python-django
Version : 1:1.11.29-1+deb10u12 (buster)
Related CVEs :
CVE-2024-41989
CVE-2024-41991
CVE-2024-42005
(Release for buster only)
A number of vulnerabilities were discovered in Django, a popular Python-based web development framework:
CVE-2024-41989: The floatformat template filter was subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
CVE-2024-41991: Fix an issue where the urlize and urlizetrunc template filters (as well as the AdminURLFieldWidget widget) were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
CVE-2024-42005: Fix an issue where the QuerySet.values() and values_list() methods on models with a JSONField were subject to a SQL injection attack through column aliases via a crafted JSON object key.
ELA-1163-1 python-django security update
Package : python-django
Version : 1.7.11-1+deb8u17 (jessie), 1:1.10.7-2+deb9u23 (stretch)
Related CVEs :
CVE-2024-41989
(Release for jessie and stretch only)
A Denial of Service (DoS) vulnerability was discovered in Django, a popular
Python-based web development framework.
The floatformat template filter was subject to significant memory consumption
when given a string representation of a number in scientific notation with a
large exponent.