UbuntuUpdates.org

Package "python-django"

Name: python-django

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • High-level Python web development framework (documentation)
  • High-level Python web development framework

Latest version: 2:2.2.20-1
Release: hirsute (21.04)
Level: base
Repository: main

Links



Other versions of "python-django" in Hirsute

Repository Area Version
security main 2:2.2.20-1ubuntu0.1
updates main 2:2.2.20-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:2.2.20-1 2021-04-10 18:07:17 UTC

  python-django (2:2.2.20-1) unstable; urgency=medium

  * New upstream security release:

    - CVE-2021-28658: The MultiPartParser class allowed directory-traversal
      via uploaded files via maliciously crafted filenames. (Closes: #986447)

 -- Chris Lamb <email address hidden> Tue, 06 Apr 2021 11:44:51 +0100

Source diff to previous version
986447 python-django: CVE-2021-28658
CVE-2021-28658 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably cr

Version: 2:2.2.19-1ubuntu1 2021-04-08 14:06:31 UTC

  python-django (2:2.2.19-1ubuntu1) hirsute; urgency=medium

  * SECURITY UPDATE: Potential directory-traversal via uploaded files
    - debian/patches/CVE-2021-28658.patch: properly sanitize filenames in
      django/http/multipartparser.py, tests/file_uploads/tests.py,
      tests/file_uploads/uploadhandler.py, tests/file_uploads/urls.py,
      tests/file_uploads/views.py.
    - CVE-2021-28658

 -- Marc Deslauriers <email address hidden> Tue, 06 Apr 2021 08:18:46 -0400

CVE-2021-28658 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably cr



About   -   Send Feedback to @ubuntu_updates