Advisories » MGASA-2025-0320

Updated python-django packages fix security vulnerabilities

Publication date: 04 Dec 2025
Modification date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13372 , CVE-2025-64460

Description

Potential SQL injection in FilteredRelation column aliases on
PostgreSQL. (CVE-2025-13372)
Potential denial-of-service vulnerability in XML serializer text
extraction. (CVE-2025-64460)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34795
• https://www.openwall.com/lists/oss-security/2025/12/02/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460

SRPMS

9/core

• python-django-4.1.13-1.9.mga9