| Package | python-django |
|---|---|
| Version | 1:1.10.7-2+deb9u18 (stretch) |
| Related CVEs | CVE-2022-34265 |

A SQL injection vulnerability was discovered in Django, the popular web development framework.

The Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as a kind or lookup_name value. Applications that constrained the lookup name and kind choice to a “known”, fixed or otherwise safe list were unaffected.

For Debian 9 stretch, this problem has been fixed in version 1:1.10.7-2+deb9u18.

We recommend that you upgrade your python-django packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.
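
The "known, fixed list" constraint described above can be enforced in application code before a request parameter reaches Trunc() or Extract(). The following is an added example, not code from Django or from this advisory; the allowlist contents and the helper names (`checked_trunc_kind`, `checked_extract_name`, `annotate_period`, `annotate_part`) are assumptions for a hypothetical application.

```python
"""Allowlist check for Trunc()/Extract() arguments (added example)."""

# Assumption: these are the only values this hypothetical application needs.
ALLOWED_TRUNC_KINDS = frozenset(
    {"year", "month", "day", "hour", "minute", "second"}
)
ALLOWED_EXTRACT_NAMES = ALLOWED_TRUNC_KINDS | {"week_day"}


def _checked(value, allowed, label):
    """Return value unchanged if it is an exact allowlist member, else raise."""
    # Exact match only: no stripping or case folding, so nothing outside the
    # fixed list can ever be forwarded to the database function.
    if not isinstance(value, str) or value not in allowed:
        # %r keeps quotes and control characters visible in logs.
        raise ValueError("unsupported %s: %r" % (label, value))
    return value


def checked_trunc_kind(value):
    """Validate a user-supplied 'kind' for Trunc()."""
    return _checked(value, ALLOWED_TRUNC_KINDS, "Trunc kind")


def checked_extract_name(value):
    """Validate a user-supplied 'lookup_name' for Extract()."""
    return _checked(value, ALLOWED_EXTRACT_NAMES, "Extract lookup_name")


def annotate_period(queryset, field, kind_param):
    """Hypothetical helper: truncate `field` to a user-selected period."""
    # Imported lazily so the validators can be used and tested without Django.
    from django.db.models.functions import Trunc
    return queryset.annotate(period=Trunc(field, checked_trunc_kind(kind_param)))


def annotate_part(queryset, field, name_param):
    """Hypothetical helper: extract a user-selected date part from `field`."""
    from django.db.models.functions import Extract
    return queryset.annotate(part=Extract(field, checked_extract_name(name_param)))
```

This check complements the package upgrade: it keeps the application in the "unaffected" category the advisory describes regardless of which Django version is installed.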