social-auth-app-django - Debian Package Tracker

general

source: social-auth-app-django (main)
version: 5.4.3-1
maintainer: Debian Python Team (DMD)
uploaders: Andre Bianchi [DMD] – Ana Rodríguez López [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.0-2.1
oldstable: 5.0.0-1
stable: 5.4.3-1
testing: 5.4.3-1
unstable: 5.4.3-1

versioned links

3.1.0-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-social-django

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

stop mangling: rule="s/.+\/(\d\S*)\.tar\.gz/social-auth-app-django-$1.tar.gz/ uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\.?\d*)$/$1~$2/"
   rule doesn't match "(s|tr|y)/.*/.*/[a-z]*" (or similar).

Created: 2025-08-20 Last update: 2025-11-07 16:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-61783: Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Created: 2025-10-10 Last update: 2025-11-03 00:48

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-61783: Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Created: 2025-10-10 Last update: 2025-11-03 00:48

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-61783: (needs triaging) Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-10-10 Last update: 2025-11-03 00:48

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-32879: (needs triaging) Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
CVE-2025-61783: (needs triaging) Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-04-25 Last update: 2025-11-03 00:48

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:25

news

[rss feed]

[2025-02-23] social-auth-app-django 5.4.3-1 MIGRATED to testing (Debian testing watch)
[2025-02-20] Accepted social-auth-app-django 5.4.3-1 (source) into unstable (Carsten Schoenert)
[2024-07-26] social-auth-app-django 5.4.2-1 MIGRATED to testing (Debian testing watch)
[2024-07-24] Accepted social-auth-app-django 5.4.2-1 (source) into unstable (Carsten Schoenert)
[2024-06-10] social-auth-app-django 5.4.1-1 MIGRATED to testing (Debian testing watch)
[2024-06-08] Accepted social-auth-app-django 5.4.1-1 (source) into unstable (Carsten Schoenert)
[2024-02-29] social-auth-app-django 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2024-02-26] Accepted social-auth-app-django 5.4.0-1 (source) into unstable (Carsten Schoenert)
[2023-07-03] social-auth-app-django 5.2.0-2 MIGRATED to testing (Debian testing watch)
[2023-07-03] social-auth-app-django 5.2.0-2 MIGRATED to testing (Debian testing watch)
[2023-06-30] Accepted social-auth-app-django 5.2.0-2 (source) into unstable (Carsten Schoenert)
[2023-04-03] Accepted social-auth-app-django 5.2.0-1 (source) into experimental (Carsten Schoenert)
[2021-12-28] social-auth-app-django 5.0.0-1 MIGRATED to testing (Debian testing watch)
[2021-12-26] Accepted social-auth-app-django 5.0.0-1 (source) into unstable (Carsten Schoenert)
[2020-05-19] social-auth-app-django 3.1.0-2.1 MIGRATED to testing (Debian testing watch)
[2020-05-08] Accepted social-auth-app-django 3.1.0-2.1 (source) into unstable (Adrian Bunk)
[2019-02-09] social-auth-app-django 3.1.0-2 MIGRATED to testing (Debian testing watch)
[2019-02-03] Accepted social-auth-app-django 3.1.0-2 (source all) into unstable, unstable (W. Martin Borgert)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.4.3-1