UbuntuUpdates.org

Package "python-django"

Name: python-django

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • High-level Python web development framework (documentation)
  • High-level Python web development framework

Latest version: 2:2.2.12-1ubuntu0.21
Release: focal (20.04)
Level: security
Repository: main

Links



Other versions of "python-django" in Focal

Repository Area Version
base main 2:2.2.12-1
updates main 2:2.2.12-1ubuntu0.21

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:2.2.12-1ubuntu0.16 2023-02-14 19:07:03 UTC

  python-django (2:2.2.12-1ubuntu0.16) focal-security; urgency=medium

  * SECURITY UPDATE: Potential denial-of-service in file uploads
    - debian/patches/CVE-2023-24580.patch: add limits to
      django/conf/global_settings.py, django/core/exceptions.py,
      django/core/handlers/exception.py, django/http/multipartparser.py,
      django/http/request.py, docs/ref/exceptions.txt,
      docs/ref/settings.txt, tests/handlers/test_exception.py,
      tests/requests/test_data_upload_settings.py.
    - CVE-2023-24580

 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 08:58:48 -0500

Source diff to previous version

Version: 2:2.2.12-1ubuntu0.15 2023-02-01 15:07:16 UTC

  python-django (2:2.2.12-1ubuntu0.15) focal-security; urgency=medium

  * SECURITY UPDATE: Potential DoS via Accept-Language headers
    - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language
      headers in django/utils/translation/trans_real.py,
      tests/i18n/tests.py.
    - CVE-2023-23969

 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:38:45 -0500

Source diff to previous version

Version: 2:2.2.12-1ubuntu0.14 2022-10-04 14:06:21 UTC

  python-django (2:2.2.12-1ubuntu0.14) focal-security; urgency=medium

  * SECURITY UPDATE: Potential DoS vulnerability in internationalized URLs
    - debian/patches/CVE-2022-41323.patch: Prevented locales being
      interpreted as regular expressions in django/urls/resolvers.py,
      tests/i18n/patterns/tests.py.
    - CVE-2022-41323

 -- Marc Deslauriers <email address hidden> Tue, 27 Sep 2022 09:37:54 -0400

Source diff to previous version
CVE-2022-41323 RESERVED

Version: 2:2.2.12-1ubuntu0.13 2022-08-04 18:06:24 UTC

  python-django (2:2.2.12-1ubuntu0.13) focal-security; urgency=medium

  * SECURITY UPDATE: Potential reflected file download
    - debian/patches/CVE-2022-36359.patch: escaped filename in
      Content-Disposition header in django/http/response.py,
      tests/responses/test_fileresponse.py.
    - CVE-2022-36359

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jul 2022 11:31:16 -0300

Source diff to previous version
CVE-2022-36359 An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...

Version: 2:2.2.12-1ubuntu0.12 2022-07-05 21:45:51 UTC

  python-django (2:2.2.12-1ubuntu0.12) focal-security; urgency=medium

  * SECURITY UPDATE: Potential SQL invjection
    - debian/patches/CVE-2022-34265.patch: protected
      trunc/extract against SQL injection in
      django/db/backends/base/operations.py,
      django/db/models/functions/datetime.py.
    - CVE-2022-34265

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 29 Jun 2022 13:44:58 -0300

CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...



About   -   Send Feedback to @ubuntu_updates