SUSE Package Hub - openSUSE-2025-380

Update Info

openSUSE-2025-380

Security update for python-Django

Type: security

Severity: important

Issued: 2025-10-03

Description:

This update for python-Django fixes the following issues:

- CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (boo#1250485)
- CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract() (boo#1250487)

References

CVE: CVE-2025-59682
CVE: CVE-2025-59681
Bugzilla: 1250487 VUL-0: CVE-2025-59682: python-Django,python-Django4: Potential partial directory-traversal via archive.extract()
Bugzilla: 1250485 VUL-0: CVE-2025-59681: python-Django,python-Django4: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB

Packages

python-Django-2.2.28-bp156.21.1