-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4705-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
June 18, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2020-9402 CVE-2020-13254 CVE-2020-13596

It was discovered that Django, a high-level Python web development
framework, did not properly sanitize input. This would allow a remote
attacker to perform SQL injection attacks, Cross-Site Scripting (XSS)
attacks, or leak sensitive information.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:1.10.7-2+deb9u9.

For the stable distribution (buster), these problems have been fixed in
version 1:1.11.29-1~deb10u1.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl7rKgsACgkQEL6Jg/PV
nWQUpQf/a6ouTulgXuSAegdWfc6ehpmZVgKb8Ln6K9lqvHsvYQyNQVjI3Loj+Squ
Jw5n0gXf/n3uW9/gKlMC/gKVie/ED7STZFgFr5k4xMvFcXiTE1V9ljv2eIQjCh9o
YtT40NCCM1oTfVemsaoyUJ5rtr5nFznY3R8yf9Rdlq7I5SZGw5BdYHaUbSKutwIp
OnrjL+VscoMBffgtaJY6/tQyMwOPiu+xynUCKEfaMHRuwwHl1+rj7gr+HRImQhTX
7FezQOxpvLPrh/tj/4DdQ6VMG1ClOCPvISGuZ1mhnMHcHy2KzA5OtoWRnVks7udG
h/WYma9kPi3CSSYNWzEVTknN/wQwxA==
=7/E0
-----END PGP SIGNATURE-----