products/SUSE_ALP_Standard
9
0
Fork 1
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Adding patchinfo patchinfo.20241028101042307006.269002615871826

Browse Source
This commit is contained in:
Adrian Schröter 2024-11-15 12:51:30 +01:00
parent 3b0adf399b
commit 6fb6b7044b
1 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
patchinfo.20241028101042307006.269002615871826/_patchinfo Normal file
View File

@ -0,0 +1,43 @@
<patchinfo>
<!-- generated from request(s) 338871, 336981, 335795 -->
<issue tracker="bnc" id="1225070">VUL-0: CVE-2024-36039: python-PyMySQL: SQL injection if used with untrusted JSON input</issue>
<issue tracker="bnc" id="1226660">VUL-0: CVE-2024-28397: python-Js2Py: an issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.</issue>
<issue tracker="bnc" id="1227590">VUL-0: CVE-2024-38875: python-Django: potential denial-of-service through django.utils.html.urlize()</issue>
<issue tracker="bnc" id="1227593">VUL-0: CVE-2024-39329: python-Django: username enumeration through timing difference for users with unusable passwords</issue>
<issue tracker="bnc" id="1227594">VUL-0: CVE-2024-39330: python-Django: potential directory traversal in django.core.files.storage.Storage.save()</issue>
<issue tracker="bnc" id="1227595">VUL-0: CVE-2024-39614: python-Django: potential denial-of-service through django.utils.translation.get_supported_language_variant()</issue>
<issue tracker="cve" id="2024-28397"/>
<issue tracker="cve" id="2024-36039"/>
<issue tracker="cve" id="2024-38875"/>
<issue tracker="cve" id="2024-39329"/>
<issue tracker="cve" id="2024-39330"/>
<issue tracker="cve" id="2024-39614"/>
<issue tracker="gh" id="PiotrDabkowski/Js2Py#323"/>
<packager>nkrapp</packager>
<rating>critical</rating>
<category>security</category>
<summary>Security update for python-PyMySQL, python-Js2Py, python-Django</summary>
<description>This update for python-PyMySQL, python-Js2Py, python-Django fixes the following issues:
python-Django:
- CVE-2024-38875: Potential denial-of-service attack via
certain inputs with a very large number of brackets (bsc#1227590)
- CVE-2024-39329: Username enumeration through timing difference
for users with unusable passwords (bsc#1227593)
- CVE-2024-39330: Potential directory traversal in
django.core.files.storage.Storage.save() (bsc#1227594)
- CVE-2024-39614: Potential denial-of-service through
django.utils.translation.get_supported_language_variant() (bsc#1227595)
python-Js2Py:
- CVE-2024-28397 (bsc#1226660, gh#PiotrDabkowski/Js2Py#323)
python-PyMySQL:
- CVE-2024-36039 (bsc#1225070, gh#PyMySQL/PyMySQL@521e40050cb3)
</description>
<package>python-Django</package>
<package>python-Js2Py</package>
<package>python-PyMySQL</package>
<seperate_build_arch/>
</patchinfo>