Overview

File _patchinfo of Package patchinfo.42494

<patchinfo incident="42494">
  <issue tracker="cve" id="2025-14550"/>
  <issue tracker="cve" id="2026-1312"/>
  <issue tracker="cve" id="2026-1285"/>
  <issue tracker="cve" id="2026-1207"/>
  <issue tracker="cve" id="2026-1287"/>
  <issue tracker="cve" id="2025-13473"/>
  <issue tracker="bnc" id="1257406">VUL-0: EMBARGOED: CVE-2026-1285: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods</issue>
  <issue tracker="bnc" id="1257407">VUL-0: EMBARGOED: CVE-2026-1287: python-Django,python3-Django,python-Django6: Potential SQL injection in column aliases via control characters</issue>
  <issue tracker="bnc" id="1257405">VUL-0: EMBARGOED:  CVE-2026-1207: python-Django,python3-Django,python-Django6: Potential SQL injection via raster lookups on PostGIS</issue>
  <issue tracker="bnc" id="1257408">VUL-0: EMBARGOED: CVE-2026-1312: python-Django,python3-Django,python-Django6: Potential SQL injection via QuerySet.order_by and FilteredRelation</issue>
  <issue tracker="bnc" id="1257403">VUL-0: EMBARGOED:  CVE-2025-14550: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability via repeated headers when using ASGI</issue>
  <issue tracker="bnc" id="1257401">VUL-0: EMBARGOED: CVE-2025-13473: python-Django,python3-Django,python-Django6: Username enumeration through timing difference in mod_wsgi authentication handler</issue>
  <packager>mcalabkova</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python-Django</summary>
  <description>This update for python-Django fixes the following issues:

- CVE-2025-14550: Fixed potential denial-of-service via repeated 
  headers when using ASGI(bsc#1257403)
- CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by 
  and FilteredRelation (bsc#1257408)
- CVE-2026-1287: Fixed potential SQL injection in column aliases
  via control characters (bsc#1257407)
- CVE-2026-1207: Fixed potential SQL injection via raster lookups
  on PostGIS (bsc#1257405)
- CVE-2025-13473: Fixed username enumeration through timing difference
  in mod_wsgi authentication handler (bsc#1257401)
- CVE-2026-1285: Fixed potential denial-of-service in 
  django.utils.text.Truncator HTML methods (bsc#1257406)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places