UbuntuUpdates.org

Package "python3-django"

Name: python3-django

Description:

High-level Python web development framework

Latest version: 2:2.2.12-1ubuntu0.21
Release: focal (20.04)
Level: security
Repository: main
Head package: python-django
Homepage: http://www.djangoproject.com/

Links


Download "python3-django"


Other versions of "python3-django" in Focal

Repository Area Version
base main 2:2.2.12-1
updates main 2:2.2.12-1ubuntu0.21

Changelog

Version: 2:2.2.12-1ubuntu0.21 2024-02-06 17:06:52 UTC

  python-django (2:2.2.12-1ubuntu0.21) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-24680.patch: rewrite
      regex logic to avoid DoS in django/contrib/humanize/templatetags
      /humanize.py, tests/humanize_tests/tests.py.
    - CVE-2024-24680

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 30 Jan 2024 09:27:23 -0300

Source diff to previous version

Version: 2:2.2.12-1ubuntu0.20 2023-10-04 18:10:02 UTC

  python-django (2:2.2.12-1ubuntu0.20) focal-security; urgency=medium

  * SECURITY UPDATE: DoS possibility in django.utils.text.Truncator
    - debian/patches/CVE-2023-43665.patch: limit size of input strings in
      django/utils/text.py, tests/utils_tests/test_text.py.
    - CVE-2023-43665

 -- Marc Deslauriers <email address hidden> Wed, 27 Sep 2023 13:37:46 -0400

Source diff to previous version

Version: 2:2.2.12-1ubuntu0.19 2023-09-18 16:08:03 UTC

  python-django (2:2.2.12-1ubuntu0.19) focal-security; urgency=medium

  * SECURITY UPDATE: DoS in django.utils.encoding.uri_to_iri()
    - debian/patches/CVE-2023-41164.patch: properly handle large number of
      Unicode characters in django/utils/encoding.py,
      tests/utils_tests/test_encoding.py.
    - CVE-2023-41164

 -- Marc Deslauriers <email address hidden> Fri, 15 Sep 2023 09:17:39 -0400

Source diff to previous version

Version: 2:2.2.12-1ubuntu0.18 2023-07-05 14:07:06 UTC

  python-django (2:2.2.12-1ubuntu0.18) focal-security; urgency=medium

  * SECURITY UPDATE: Potential ReDoS issues
    - debian/patches/CVE-2023-36053-pre1.patch: fix URLValidator hostname
      length validation in django/core/validators.py,
      tests/validators/valid_urls.txt.
    - debian/patches/CVE-2023-36053.patch: prevent potential ReDoS in
      EmailValidator and URLValidator in django/core/validators.py,
      django/forms/fields.py,
      tests/forms_tests/field_tests/test_emailfield.py,
      tests/forms_tests/tests/test_forms.py, tests/validators/tests.py.
    - CVE-2023-36053

 -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2023 09:40:09 -0400

Source diff to previous version
CVE-2023-36053 In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular express

Version: 2:2.2.12-1ubuntu0.17 2023-05-03 15:07:17 UTC

  python-django (2:2.2.12-1ubuntu0.17) focal-security; urgency=medium

  * SECURITY UPDATE: Potential bypass of validation when uploading multiple
    files using one form field
    - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files
      in django/forms/widgets.py, docs/topics/http/file-uploads.txt,
      tests/forms_tests/field_tests/test_filefield.py,
      tests/forms_tests/widget_tests/test_clearablefileinput.py,
      tests/forms_tests/widget_tests/test_fileinput.py.
    - CVE-2023-31047

 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 10:03:19 -0400

CVE-2023-31047 RESERVED



About   -   Send Feedback to @ubuntu_updates