Package "python-django"

  python-django (2:2.2.12-1ubuntu0.16) focal-security; urgency=medium

  * SECURITY UPDATE: Potential denial-of-service in file uploads
    - debian/patches/CVE-2023-24580.patch: add limits to
      django/conf/global_settings.py, django/core/exceptions.py,
      django/core/handlers/exception.py, django/http/multipartparser.py,
      django/http/request.py, docs/ref/exceptions.txt,
      docs/ref/settings.txt, tests/handlers/test_exception.py,
      tests/requests/test_data_upload_settings.py.
    - CVE-2023-24580

 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 08:58:48 -0500

  python-django (2:2.2.12-1ubuntu0.15) focal-security; urgency=medium

  * SECURITY UPDATE: Potential DoS via Accept-Language headers
    - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language
      headers in django/utils/translation/trans_real.py,
      tests/i18n/tests.py.
    - CVE-2023-23969

 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:38:45 -0500

  python-django (2:2.2.12-1ubuntu0.14) focal-security; urgency=medium

  * SECURITY UPDATE: Potential DoS vulnerability in internationalized URLs
    - debian/patches/CVE-2022-41323.patch: Prevented locales being
      interpreted as regular expressions in django/urls/resolvers.py,
      tests/i18n/patterns/tests.py.
    - CVE-2022-41323

 -- Marc Deslauriers <email address hidden> Tue, 27 Sep 2022 09:37:54 -0400

  python-django (2:2.2.12-1ubuntu0.13) focal-security; urgency=medium

  * SECURITY UPDATE: Potential reflected file download
    - debian/patches/CVE-2022-36359.patch: escaped filename in
      Content-Disposition header in django/http/response.py,
      tests/responses/test_fileresponse.py.
    - CVE-2022-36359

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jul 2022 11:31:16 -0300

  python-django (2:2.2.12-1ubuntu0.12) focal-security; urgency=medium

  * SECURITY UPDATE: Potential SQL invjection
    - debian/patches/CVE-2022-34265.patch: protected
      trunc/extract against SQL injection in
      django/db/backends/base/operations.py,
      django/db/models/functions/datetime.py.
    - CVE-2022-34265

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 29 Jun 2022 13:44:58 -0300