ALT-BU-2021-4133-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-38385
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
- https://blog.torproject.org
- https://blog.torproject.org/node/2062
- https://bugs.torproject.org/tpo/core/tor/40078
- https://security.gentoo.org/glsa/202305-11
- https://blog.torproject.org
- https://blog.torproject.org/node/2062
- https://bugs.torproject.org/tpo/core/tor/40078
- https://security.gentoo.org/glsa/202305-11
Package python3-module-django updated to version 3.2.6-alt1 for branch sisyphus in task 283297.
Closed vulnerabilities
Modified: 2022-04-15
BDU:2021-03557
Уязвимость функции QuerySet.order_by() программной платформы для веб-приложений Django, позволяющая нарушителю выполнить произвольные команды
Modified: 2024-11-21
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
- https://docs.djangoproject.com/en/3.2/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y/
- https://security.netapp.com/advisory/ntap-20210805-0008/
- https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
- https://www.openwall.com/lists/oss-security/2021/07/02/2
- https://docs.djangoproject.com/en/3.2/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SS6NJTBYWOX6J7G4U3LUOILARJKWPQ5Y/
- https://security.netapp.com/advisory/ntap-20210805-0008/
- https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
- https://www.openwall.com/lists/oss-security/2021/07/02/2
Closed vulnerabilities
Modified: 2024-04-03
BDU:2021-06060
Уязвимость почтового клиента Thunderbird, браузера Firefox, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
Modified: 2024-11-21
CVE-2021-29991
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.