ALT-BU-2021-4133-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-38385
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
Package python3-module-django updated to version 3.2.6-alt1 for branch sisyphus in task 283297.
Closed vulnerabilities
BDU:2021-03557
Уязвимость функции QuerySet.order_by() программной платформы для веб-приложений Django, позволяющая нарушителю выполнить произвольные команды
Modified: 2024-11-21
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
- https://docs.djangoproject.com/en/3.2/releases/security/
- https://docs.djangoproject.com/en/3.2/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://groups.google.com/forum/#%21forum/django-announce
- FEDORA-2021-78e501d62a
- FEDORA-2021-78e501d62a
- https://security.netapp.com/advisory/ntap-20210805-0008/
- https://security.netapp.com/advisory/ntap-20210805-0008/
- https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
- https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
- https://www.openwall.com/lists/oss-security/2021/07/02/2
- https://www.openwall.com/lists/oss-security/2021/07/02/2
Closed vulnerabilities
BDU:2021-06060
Уязвимость почтового клиента Thunderbird, браузера Firefox, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
Modified: 2024-11-21
CVE-2021-29991
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.