UbuntuUpdates.org

Package "python-django"

Name: python-django

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • High-level Python web development framework (common)
  • High-level Python web development framework (documentation)
  • High-level Python web development framework (Python 3 version)

Latest version: 1:1.11.22-1ubuntu1.4
Release: eoan (19.10)
Level: security
Repository: main

Other versions of "python-django" in Eoan

Repository Area Version
base universe 1:1.11.22-1ubuntu1
base main 1:1.11.22-1ubuntu1
security universe 1:1.11.22-1ubuntu1.4
updates main 1:1.11.22-1ubuntu1.4
updates universe 1:1.11.22-1ubuntu1.4

Changelog

Version: 1:1.11.22-1ubuntu1.4 2020-06-03 20:06:36 UTC

  python-django (1:1.11.22-1ubuntu1.4) eoan-security; urgency=medium

  * SECURITY UPDATE: Potential data leakage via malformed memcached keys
    - debian/patches/CVE-2020-13254.patch: enforced cache key validation in
      memcached backends in django/core/cache/__init__.py,
      django/core/cache/backends/base.py,
      django/core/cache/backends/memcached.py, tests/cache/tests.py.
    - CVE-2020-13254
  * SECURITY UPDATE: Possible XSS via admin ForeignKeyRawIdWidget
    - debian/patches/CVE-2020-13596.patch: fixed potential XSS in admin
      ForeignKeyRawIdWidget in django/contrib/admin/widgets.py,
      tests/admin_widgets/models.py, tests/admin_widgets/tests.py.
    - CVE-2020-13596

 -- Marc Deslauriers <email address hidden> Thu, 28 May 2020 10:28:03 -0400

CVE-2020-13254 RESERVED
CVE-2020-13596 RESERVED

Version: 1:1.11.22-1ubuntu1.3 2020-03-04 14:06:30 UTC

  python-django (1:1.11.22-1ubuntu1.3) eoan-security; urgency=medium

  * SECURITY UPDATE: SQL injection in Oracle GIS functions and aggregates
    - debian/patches/CVE-2020-9402.patch: properly escaped tolerance
      parameter in GIS functions and aggregates on Oracle in
      django/contrib/gis/db/models/aggregates.py,
      django/contrib/gis/db/models/functions.py,
      tests/gis_tests/distapp/tests.py, tests/gis_tests/geoapp/tests.py.
    - CVE-2020-9402

 -- Marc Deslauriers <email address hidden> Fri, 28 Feb 2020 13:05:32 -0500


Version: 1:1.11.22-1ubuntu1.2 2020-02-04 10:06:59 UTC

  python-django (1:1.11.22-1ubuntu1.2) eoan-security; urgency=medium

  * SECURITY UPDATE: Possible SQL injection in the postgres aggregates
    StringAgg function
    - debian/patches/CVE-2020-7471.patch: Update
      django/contrib/postgres/aggregates/general.py to escape delimited
      parameter to the StringAgg function. Upstream patch.
    - CVE-2020-7471

 -- Alex Murray <email address hidden> Fri, 31 Jan 2020 14:05:54 +1030

CVE-2020-7471 Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...

Version: 1:1.11.22-1ubuntu1.1 2019-12-19 02:06:56 UTC

  python-django (1:1.11.22-1ubuntu1.1) eoan-security; urgency=medium

  * SECURITY UPDATE: Potential account hijack via password reset form
    - debian/patches/CVE-2019-19844.patch: Use verified user email for
      password reset requests.
    - CVE-2019-19844

 -- Steve Beattie <email address hidden> Wed, 18 Dec 2019 08:40:29 -0800

CVE-2019-19844 Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows a ...


