From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Sat, 25 Dec 2021 00:17:46 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p9/branch packages: +1 (18263) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Dec 2021 00:17:49 -0000 Archived-At: List-Archive: 1 UPDATED package python3-module-django - A high-level Python 3 Web framework that encourages rapid development and clean, pragmatic design. * Fri Dec 17 2021 Alexey Shabalin 2.2.25-alt1 - new version 2.2.25 - Fixes for the following security vulnerabilities: + CVE-2021-44420: Potential bypass of an upstream access control based on URL paths * Tue Jul 13 2021 Alexey Shabalin 2.2.24-alt1 - new version 2.2.24 - Fixes for the following security vulnerabilities: + CVE-2021-28658 Potential directory-traversal via uploaded files + CVE-2021-31542 Potential directory-traversal via uploaded files + CVE-2021-32052 Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+ + CVE-2021-33203 Potential directory traversal via admindocs + CVE-2021-33571 Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses * Wed Feb 24 2021 Alexey Shabalin 2.2.19-alt2 - Drop Provides: Django * Wed Feb 24 2021 Alexey Shabalin 2.2.19-alt1 Total 18263 source packages.