ASA-202003-5 log generated external raw

[ASA-202003-5] python-django: sql injection
Arch Linux Security Advisory ASA-202003-5 ========================================= Severity: Medium Date : 2020-03-08 CVE-ID : CVE-2020-9402 Package : python-django Type : sql injection Remote : Yes Link : Summary ======= The package python-django before version 3.0.4-1 is vulnerable to sql injection. Resolution ========== Upgrade to 3.0.4-1. # pacman -Syu "python-django>=3.0.4-1" The problem has been fixed upstream in version 3.0.4. Workaround ========== None. Description =========== A potential SQL injection has been found in Django before 3.0.4, via tolerance parameter in GIS functions and aggregates on Oracle. Impact ====== A remote attacker can alter the database via a SQL injection. References ==========