stable

python-django4.2-4.2.28-1.el9

FEDORA-EPEL-2026-e4c468db6d created by salimma 3 months ago for Fedora EPEL 9
  • Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
  • Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
  • Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
  • Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
  • Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
  • Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation

This update has been submitted for testing by salimma.

3 months ago

This update's test gating status has been changed to 'ignored'.

3 months ago

This update has been pushed to testing.

3 months ago

This update has been submitted for stable by bodhi.

3 months ago

This update has been pushed to stable.

2 months ago

Please log in to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
2
Stable by Time
7 days
Dates
submitted
3 months ago
in testing
3 months ago
in stable
2 months ago
approved
3 months ago
Builds
1
python-django4.2-4.2.28-1.el9
BZ#2436696 CVE-2026-1312 python-django4.2: Django: SQL injection via crafted column aliases in QuerySet.order_by() [epel-9]
0
0
BZ#2436697 CVE-2025-14550 python-django4.2: Django: Denial of Service via crafted request with duplicate headers [epel-9]
0
0
BZ#2436712 CVE-2026-1207 python-django4.2: Django: SQL Injection via RasterField band index parameter [epel-9]
0
0
BZ#2436713 CVE-2026-1287 python-django4.2: Django: SQL Injection via crafted column aliases [epel-9]
0
0
BZ#2436718 CVE-2026-1285 python-django4.2: Django: Denial of Service via crafted HTML inputs [epel-9]
0
0
python-django4.2-4.2.28-1.el9

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 26.4.0 on bodhi-web-6f874fb45-gwh52.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy