social-auth-app-django - Debian Package Tracker

general

source: social-auth-app-django (main)
version: 5.9.0-1
maintainer: Debian Python Team (DMD)
uploaders: Andre Bianchi [DMD] – Ana Rodríguez López [DMD]
arch: all
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.0-2.1
oldstable: 5.0.0-1
stable: 5.4.3-1
testing: 5.4.3-1
unstable: 5.9.0-1

versioned links

3.1.0-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.9.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-social-django

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-61783: Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Created: 2025-10-10 Last update: 2026-05-03 16:47

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-61783: Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Created: 2025-10-10 Last update: 2026-05-03 16:47

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2026-05-08 Last update: 2026-05-13 03:03

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-61783: (needs triaging) Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-10-10 Last update: 2026-05-03 16:47

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-32879: (needs triaging) Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
CVE-2025-61783: (needs triaging) Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-04-25 Last update: 2026-05-03 16:47

testing migrations

excuses:
- Migration status: Blocked. Can't migrate due to a non-migratable dependency. Check status below.
- Blocked by: python-django
- Migration status for social-auth-app-django (5.4.3-1 to 5.9.0-1): BLOCKED: Cannot migrate due to another item, which is blocked (please check which dependencies are stuck)
- Issues preventing migration:
- ∙ ∙ Build-Depends(-Arch): social-auth-app-django python-django (not considered)
- ∙ ∙ Depends: social-auth-app-django python-django (not considered)
- ∙ ∙ Invalidated by build-dependency
- ∙ ∙ Invalidated by dependency
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/s/social-auth-app-django.html
- ∙ ∙ Autopkgtest for social-auth-app-django/5.9.0-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ Required age reduced by 3 days because of autopkgtest
- ∙ ∙ 10 days old (needed 2 days)
- Not considered

news

[rss feed]

[2026-05-03] Accepted social-auth-app-django 5.9.0-1 (source) into unstable (Carsten Schoenert)
[2026-04-27] Accepted social-auth-app-django 5.8.0-1 (source) into experimental (Carsten Schoenert)
[2026-01-03] Accepted social-auth-app-django 5.7.0-1 (source) into experimental (Carsten Schoenert)
[2025-11-25] Accepted social-auth-app-django 5.6.0-1 (source) into experimental (Carsten Schoenert)
[2025-02-23] social-auth-app-django 5.4.3-1 MIGRATED to testing (Debian testing watch)
[2025-02-20] Accepted social-auth-app-django 5.4.3-1 (source) into unstable (Carsten Schoenert)
[2024-07-26] social-auth-app-django 5.4.2-1 MIGRATED to testing (Debian testing watch)
[2024-07-24] Accepted social-auth-app-django 5.4.2-1 (source) into unstable (Carsten Schoenert)
[2024-06-10] social-auth-app-django 5.4.1-1 MIGRATED to testing (Debian testing watch)
[2024-06-08] Accepted social-auth-app-django 5.4.1-1 (source) into unstable (Carsten Schoenert)
[2024-02-29] social-auth-app-django 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2024-02-26] Accepted social-auth-app-django 5.4.0-1 (source) into unstable (Carsten Schoenert)
[2023-07-03] social-auth-app-django 5.2.0-2 MIGRATED to testing (Debian testing watch)
[2023-07-03] social-auth-app-django 5.2.0-2 MIGRATED to testing (Debian testing watch)
[2023-06-30] Accepted social-auth-app-django 5.2.0-2 (source) into unstable (Carsten Schoenert)
[2023-04-03] Accepted social-auth-app-django 5.2.0-1 (source) into experimental (Carsten Schoenert)
[2021-12-28] social-auth-app-django 5.0.0-1 MIGRATED to testing (Debian testing watch)
[2021-12-26] Accepted social-auth-app-django 5.0.0-1 (source) into unstable (Carsten Schoenert)
[2020-05-19] social-auth-app-django 3.1.0-2.1 MIGRATED to testing (Debian testing watch)
[2020-05-08] Accepted social-auth-app-django 3.1.0-2.1 (source) into unstable (Adrian Bunk)
[2019-02-09] social-auth-app-django 3.1.0-2 MIGRATED to testing (Debian testing watch)
[2019-02-03] Accepted social-auth-app-django 3.1.0-2 (source all) into unstable, unstable (W. Martin Borgert)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.4.3-1build1