Home / mailings [SECURITY] [DSA 6136-1] python-django security update
Posted on 15 February 2026
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-6136-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 15, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : python-django
CVE ID : CVE-2023-41164 CVE-2023-43665 CVE-2024-24680 CVE-2024-27351
CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 CVE-2024-41989
CVE-2024-41991 CVE-2024-42005 CVE-2024-45231 CVE-2024-53907
CVE-2024-56374 CVE-2025-13372 CVE-2025-26699 CVE-2025-32873
CVE-2025-48432 CVE-2025-57833 CVE-2025-59681 CVE-2025-59682
CVE-2025-64459 CVE-2025-64460
Multiple security issues were found in Django, a Python web development
framework, which could result in denial of service, information
disclosure, directory traversal or SQL injection.
For the oldstable distribution (bookworm), these problems have been fixed
in version 3:3.2.25-0+deb12u1. python-django-storages also needed to be
updated to ensure ongoing compatibility (1.13.2-1+deb12u1).
We recommend that you upgrade your python-django packages.
For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
