2025-09-23
ALT-BU-2025-12111-1
Branch sisyphus_riscv64 update bulletin.
Package python3-module-django updated to version 5.2.6-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2025-09-03
Modified: 2025-09-08
Modified: 2025-09-08
CVE-2025-57833
An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().
Severity: HIGH (7.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
References:
Package netbox updated to version 4.4.1-alt1 for branch sisyphus_riscv64.
Closed bugs
misguided readme
Package make-initrd updated to version 2.55.1-alt0.port.3 for branch sisyphus_riscv64.
Closed bugs
Typo in guess/device-tree/action file
Package node updated to version 22.19.0-alt1 for branch sisyphus_riscv64.
Closed bugs
Выключить LTO на %ix86