From dee17ce81900900794eecdf4771d266f616c578acfa17719c0140c5eb401cbf5 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Thu, 16 Oct 2025 13:14:27 +0200 Subject: [PATCH] Update submodules from pool/python-Django#2 and create patchinfo.20251016111300220521.93181000773252/_patchinfo --- .../_patchinfo | 17 +++++++++++++++++ python-Django | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20251016111300220521.93181000773252/_patchinfo diff --git a/patchinfo.20251016111300220521.93181000773252/_patchinfo b/patchinfo.20251016111300220521.93181000773252/_patchinfo new file mode 100644 index 0000000..1b5f02e --- /dev/null +++ b/patchinfo.20251016111300220521.93181000773252/_patchinfo @@ -0,0 +1,17 @@ + + VUL-0: CVE-2025-59682: python-Django,python-Django4: Potential partial directory-traversal via archive.extract() + VUL-0: CVE-2025-59682: python-Django,python-Django4: Potential partial directory-traversal via archive.extract() + + VUL-0: CVE-2025-59681: python-Django,python-Django4: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB + mcalabkova + important + security + Security update for python-Django + This update for python-Django fixes the following issues: + +- CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (boo#1250485) +- CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract() (boo#1250487) + + python-Django + + diff --git a/python-Django b/python-Django index 59a6beb..a2220d5 160000 --- a/python-Django +++ b/python-Django @@ -1 +1 @@ -Subproject commit 59a6beb07783fabdfb4f731c1f0d4fa354be9becc35ceca43fb3f42a38d1bbdf +Subproject commit a2220d5d79ae179e800d904c89434e76b27ec4418eb1be0a1d879cdd675b2e19 -- 2.51.1
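
Review bot: In the new _patchinfo, the issue titles name both python-Django and python-Django4, but the package entry at the end lists only python-Django and the description reads "This update for python-Django". If python-Django4 is covered by a separate submission, say so in the description or the commit message; otherwise add it here. The CVE-2025-59682 title also appears on two issue entries while the CVE-2025-59681 title appears on one, so please confirm that is intended and that both CVEs and both bugs referenced in the description (boo#1250485, boo#1250487) are each represented.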
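
Review bot: In the python-Django submodule hunk, the pointer moves from 59a6beb to a2220d5, and the commit message says only "Update submodules from pool/python-Django#2" about what the new commit contains. Please state in the message which Django version or patch set a2220d5 carries, so a reviewer can check that it includes the fixes for CVE-2025-59681 and CVE-2025-59682 claimed in the patchinfo without resolving the submodule by hand.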