Updated python-django packages fix security vulnerabilities
Publication date: 06 Feb 2026Modification date: 06 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13473 , CVE-2025-14550 , CVE-2026-1207 , CVE-2026-1285 , CVE-2026-1287 , CVE-2026-1312
Description
Username enumeration through timing difference in mod_wsgi
authentication handler. (CVE-2025-13473)
Potential denial-of-service vulnerability via repeated headers when
using ASGI. (CVE-2025-14550)
Potential SQL injection via raster lookups on PostGIS. (CVE-2026-1207)
Potential denial-of-service vulnerability in django.utils.text.Truncator
HTML methods. (CVE-2026-1285)
Potential SQL injection in column aliases via control characters.
(CVE-2026-1287)
Potential SQL injection via QuerySet.order_by and FilteredRelation.
(CVE-2026-1312)
References
- https://bugs.mageia.org/show_bug.cgi?id=35103
- https://ubuntu.com/security/notices/USN-8009-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13473
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14550
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312
SRPMS
9/core
- python-django-4.1.13-1.10.mga9