===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3597
                    djangorestframework security update
                               25 July 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           djangorestframework
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25626

Original Bulletin:
   http://www.debian.org/security/2022/dsa-5186

Comment: CVSS (Max):  6.1 CVE-2020-25626 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-5186-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 22, 2022                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : djangorestframework
CVE ID         : CVE-2020-25626

Two cross-site scripting vulnerabilities were discovered in the Django
Rest Framework, a toolkit to build web APIs.

For the oldstable distribution (buster), this problem has been fixed
in version 3.9.0-1+deb10u1.

The stable distribution (bullseye) is not affected.

We recommend that you upgrade your djangorestframework packages.

For the detailed security status of djangorestframework please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djangorestframework

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================