-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3597
                    djangorestframework security update
                               25 July 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           djangorestframework
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25626  

Original Bulletin: 
   http://www.debian.org/security/2022/dsa-5186

Comment: CVSS (Max):  6.1 CVE-2020-25626 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5186-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 22, 2022                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : djangorestframework
CVE ID         : CVE-2020-25626

Two cross-site scripting vulnerabilities were discovered in the Django
Rest Framework, a toolkit to build web APIs.

For the oldstable distribution (buster), this problem has been fixed
in version 3.9.0-1+deb10u1.

The stable distribution (bullseye) is not affected.

We recommend that you upgrade your djangorestframework packages.

For the detailed security status of djangorestframework please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djangorestframework

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----