Debian alert DSA-6117-1 (python-django)


From:
               Moritz Muehlenhoff <jmm@debian.org>
To:
               debian-security-announce@lists.debian.org
Subject:
               [SECURITY] [DSA 6117-1] python-django security update
Date:
               Sat, 31 Jan 2026 12:32:11 +0000
Message-ID:
               <aX32S3vsVTFLGkAW@seger.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6117-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 31, 2026                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2025-13372 CVE-2025-57833 CVE-2025-59681
                 CVE-2025-59682 CVE-2025-64459 CVE-2025-64460

Multiple security issues were found in Django, a Python web development
framework, which could result in SQL injection, directory traversal
or denial of service.

For the stable distribution (trixie), these problems have been fixed in
version 3:4.2.27-0+deb13u1.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAml99BkACgkQEMKTtsN8
TjbmEQ//VPnqWF6xLeWJaNJtB1Zq/zndbjq7Eh1wehmFX02LiIACu5fKqGc4kfR9
P1Ra1FegpthRFeCbb2RreJcJP0O+yQReujbabpg79vhQvffF5WHF0F9F3ZtTXofM
YYvY5XTU7zCACxQSssXWMScnWtxfHrmusje651AJSYE6dIlOP12ds43Fhtx40MHP
S2y5rGNPEzCPgCswCHvqxwzcq74c3l7Wp9nDaA4nx3zH8RJKTi6eG/exXMd7xrMw
h7szcypQSpxOYG9M8kHuOs65/qRCZlmRdQ6zPTKSQNadzWLTYrhlwHUf1RSJdh9l
D1/0seAvmGT1CtdtR4+9aOBNoAcH2bzBaj87+2Gtkv9E0HS+ZO7BIAI9TveQBtpi
+FdwWwk8VCtNDw/Q9cEh2rAWETg1v3cNvXYiipY5yN8re/nVTRH3mh/x+okPpSwE
zU3QaUQkNgsAftynIgIqdTGWSoj1V8fvYbdcS9nXBatdKPwUjm+Yh/rdnjFDApOz
30X3fCN76OMI7b1vEJhpPRsLvkFIiwLUSGPc/JmzvOvP1oTgkGTKxoc8FsX1NA5C
o/PVz2Il7erh/KzACxvZ8YL4KmS8gwzzj7YlKWIHxUlGGbcnZnYvF6aLNm8324ht
Qc1IsHNiRXTYEoN53nanjjptRQGntTTYvQe9GS4oKHLaMM3fAtQ=
=EQvq
-----END PGP SIGNATURE-----

From:		Moritz Muehlenhoff <jmm@debian.org>
To:		debian-security-announce@lists.debian.org
Subject:		[SECURITY] [DSA 6117-1] python-django security update
Date:		Sat, 31 Jan 2026 12:32:11 +0000
Message-ID:		<aX32S3vsVTFLGkAW@seger.debian.org>