stable

python-django5-5.2.9-1.fc42

FEDORA-2025-45ee190318 created by salimma 6 months ago for Fedora 42
  • Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
  • Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer
  • Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (5.2.8)
  • Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7)
  • Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (5.2.7)
  • Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (5.2.6)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-45ee190318

This update has been submitted for testing by salimma.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

salimma edited this update.

6 months ago

This update has been pushed to testing.

6 months ago

This update has been submitted for stable by bodhi.

6 months ago

This update has been pushed to stable.

6 months ago

Metadata
  • Type: security
  • Severity: high
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Autopush Settings
  • Unstable by Karma: -3
  • Stable by Karma: 1
  • Stable by Time: 7 days

Dates
  • submitted: 6 months ago
  • in testing: 6 months ago
  • in stable: 6 months ago
  • modified: 6 months ago
  • approved: 6 months ago

BZ#2393807 CVE-2025-57833 python-django5: Django SQL injection in FilteredRelation column aliases [fedora-42]
BZ#2416118 CVE-2025-59681 python-django5: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1 [fedora-42]
