Source: python-django Version: 2:2.2.10-1 Severity: important Tags: security upstream Control: found -1 2:3.0.2-1 Control: found -1 1:1.11.28-1~deb10u1 Control: found -1 1:1.11.27-1~deb10u1 Control: found -1 1:1.10.7-2+deb9u8 Control: found -1 1:1.10.7-2+deb9u7 Control: found -1 1:1.10.7-1
Hi, The following vulnerability was published for python-django. CVE-2020-9402[0]: | Potential SQL injection via tolerance | parameter in GIS functions and aggregates on Oracle If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-9402 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402 [1] https://www.djangoproject.com/weblog/2020/mar/04/security-releases/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
