VCS is behind the version in the archive: 2:3.2.13-1 < 2:4.1~alpha1-1.
- Git: https://salsa.debian.org/python-team/packages/python-django.git
- Branch: debian/sid
- Path: debian/changelog
- Browser: https://salsa.debian.org/python-team/packages/python-django
- Last scan: 2022-05-18 21:32:31+00
- Next scan: 2022-05-26 14:58:00+00
- Debian changelog in Git:
python-django (2:3.2.13-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
      aggregate(), and extra().

      QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
      injection in column aliases, using a suitably crafted dictionary, with
      dictionary expansion, as the **kwargs passed to these methods.

    - CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)

      QuerySet.explain() method was subject to SQL injection in option names,
      using a suitably crafted dictionary, with dictionary expansion, as the
      for more info.

 -- Chris Lamb <firstname.lastname@example.org>  Tue, 12 Apr 2022 18:22:30 +0200
- This branch is even with tag debian/2%3.2.13-1