USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A remote attacker could possibly use this issue to perform an SQL injection attack. (CVE-2022-28346) It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. (CVE-2021-32052)
Continue reading...
Continue reading...
