social-auth-app-django - Debian Package Tracker

general

source: social-auth-app-django (main)
version: 5.4.3-1
maintainer: Debian Python Team (DMD)
uploaders: Andre Bianchi [DMD] – Ana Rodríguez López [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.0-2.1
oldstable: 5.0.0-1
stable: 5.4.3-1
testing: 5.4.3-1
unstable: 5.4.3-1
exp: 5.7.0-1

versioned links

3.1.0-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.7.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-social-django

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

stop mangling: rule="s/.+\/(\d\S*)\.tar\.gz/social-auth-app-django-$1.tar.gz/ uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\.?\d*)$/$1~$2/"
   rule doesn't match "(s|tr|y)/.*/.*/[a-z]*" (or similar).

Created: 2025-11-27 Last update: 2026-01-07 07:31

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-61783: Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Created: 2025-10-10 Last update: 2025-11-03 00:48

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-61783: Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Created: 2025-10-10 Last update: 2025-11-03 00:48

7 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit a14510c62744d532a23e0c1f1c54d0556161d999
Author: Carsten Schoenert <c.schoenert@t-online.de>
Date:   Sat Jan 3 08:15:38 2026 +0200

    Document changes and release 5.7.0-1

commit d0656237481b8f48297214d4eaef44b6464f8bdd
Author: Carsten Schoenert <c.schoenert@t-online.de>
Date:   Sat Jan 3 08:27:05 2026 +0200

    d/copyright: Update content and year data

commit 916f88c21e0b3c236e26d3899cfdd31594bdc75b
Author: Carsten Schoenert <c.schoenert@t-online.de>
Date:   Sat Jan 3 08:13:52 2026 +0200

    d/control: Update Standards-Version to 4.7.3
    
    No further changes needed.

commit 412dc5b03498eb3eea985592ad75f176415d8d7d
Author: Carsten Schoenert <c.schoenert@t-online.de>
Date:   Sat Jan 3 08:12:58 2026 +0200

    d/control: Bump B-D on python3-social-auth-core >= 4.8.3

commit 764f41bde10ed5d13279fc0e0c7959c40bc24034
Merge: ee6d21a 9e39505
Author: Carsten Schoenert <c.schoenert@t-online.de>
Date:   Sat Jan 3 08:11:19 2026 +0200

    Update upstream source from tag 'upstream/5.7.0'
    
    Update to upstream version '5.7.0'
    with Debian dir 38994913a7b5df0c00e08d9585a03a891e8064b2

commit 9e395054af052c52f71a9bc2b89e399e25445b3e
Author: Carsten Schoenert <c.schoenert@t-online.de>
Date:   Sat Jan 3 08:11:14 2026 +0200

    New upstream version 5.7.0

Created: 2026-01-03 Last update: 2026-01-03 16:00

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-61783: (needs triaging) Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-10-10 Last update: 2025-11-03 00:48

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-32879: (needs triaging) Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
CVE-2025-61783: (needs triaging) Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-04-25 Last update: 2025-11-03 00:48

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-12-23 20:00

news

[rss feed]

[2026-01-03] Accepted social-auth-app-django 5.7.0-1 (source) into experimental (Carsten Schoenert)
[2025-11-25] Accepted social-auth-app-django 5.6.0-1 (source) into experimental (Carsten Schoenert)
[2025-02-23] social-auth-app-django 5.4.3-1 MIGRATED to testing (Debian testing watch)
[2025-02-20] Accepted social-auth-app-django 5.4.3-1 (source) into unstable (Carsten Schoenert)
[2024-07-26] social-auth-app-django 5.4.2-1 MIGRATED to testing (Debian testing watch)
[2024-07-24] Accepted social-auth-app-django 5.4.2-1 (source) into unstable (Carsten Schoenert)
[2024-06-10] social-auth-app-django 5.4.1-1 MIGRATED to testing (Debian testing watch)
[2024-06-08] Accepted social-auth-app-django 5.4.1-1 (source) into unstable (Carsten Schoenert)
[2024-02-29] social-auth-app-django 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2024-02-26] Accepted social-auth-app-django 5.4.0-1 (source) into unstable (Carsten Schoenert)
[2023-07-03] social-auth-app-django 5.2.0-2 MIGRATED to testing (Debian testing watch)
[2023-07-03] social-auth-app-django 5.2.0-2 MIGRATED to testing (Debian testing watch)
[2023-06-30] Accepted social-auth-app-django 5.2.0-2 (source) into unstable (Carsten Schoenert)
[2023-04-03] Accepted social-auth-app-django 5.2.0-1 (source) into experimental (Carsten Schoenert)
[2021-12-28] social-auth-app-django 5.0.0-1 MIGRATED to testing (Debian testing watch)
[2021-12-26] Accepted social-auth-app-django 5.0.0-1 (source) into unstable (Carsten Schoenert)
[2020-05-19] social-auth-app-django 3.1.0-2.1 MIGRATED to testing (Debian testing watch)
[2020-05-08] Accepted social-auth-app-django 3.1.0-2.1 (source) into unstable (Adrian Bunk)
[2019-02-09] social-auth-app-django 3.1.0-2 MIGRATED to testing (Debian testing watch)
[2019-02-03] Accepted social-auth-app-django 3.1.0-2 (source all) into unstable, unstable (W. Martin Borgert)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, exp, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.4.3-1