All errata/sisyphus_loongarch64/ALT-PU-2025-14397-1
ALT-PU-2025-14397-1

Package update python3-module-django in branch sisyphus_loongarch64

Version5.2.8-alt1
Task#0
Published2025-11-12
Max severityCRITICAL
Severity:

Closed issues (4)

BDU:2025-13913
CRITICAL9.1

Уязвимость объектов QuerySet и Q программной платформы для разработки веб-приложений Django, позволяющая нарушителю раскрыть и изменить защищаемую информацию

Published: 2025-11-10Modified: 2025-12-02
CVSS 3.xCRITICAL 9.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.0CRITICAL 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:N
References
BDU:2025-14003
HIGH7.5

Уязвимость функций Django.http.HttpResponseRedirect() и Django.http.HttpResponsePermanentRedirect() программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-11-12
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2025-64458
HIGH7.5

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

Published: 2025-11-05Modified: 2025-11-10
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2025-64459
CRITICAL9.1

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.

Published: 2025-11-05Modified: 2025-11-10
CVSS 3.xCRITICAL 9.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References