UbuntuUpdates.org

Package "python-django"

Name: python-django

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • High-level Python web development framework (documentation)
  • High-level Python web development framework
Latest version: 2:3.2.12-2ubuntu1.5
Release: jammy (22.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "python-django" in Jammy

Repository Area Version
base main 2:3.2.12-2ubuntu1
updates main 2:3.2.12-2ubuntu1.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:3.2.12-2ubuntu1.5 2023-02-14 15:07:07 UTC

  python-django (2:3.2.12-2ubuntu1.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential denial-of-service in file uploads
    - debian/patches/CVE-2023-24580.patch: add limits to
      django/conf/global_settings.py, django/core/exceptions.py,
      django/core/handlers/exception.py, django/http/multipartparser.py,
      django/http/request.py, docs/ref/exceptions.txt,
      docs/ref/settings.txt, tests/handlers/test_exception.py,
      tests/requests/test_data_upload_settings.py.
    - CVE-2023-24580

 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 08:56:44 -0500
Source diff to previous version

Version: 2:3.2.12-2ubuntu1.4 2023-02-01 15:07:19 UTC

  python-django (2:3.2.12-2ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential DoS via Accept-Language headers
    - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language
      headers in django/utils/translation/trans_real.py,
      tests/i18n/tests.py.
    - CVE-2023-23969

 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:37:50 -0500
Source diff to previous version

Version: 2:3.2.12-2ubuntu1.3 2022-10-04 14:06:22 UTC

  python-django (2:3.2.12-2ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential DoS vulnerability in internationalized URLs
    - debian/patches/CVE-2022-41323.patch: Prevented locales being
      interpreted as regular expressions in django/urls/resolvers.py,
      tests/i18n/patterns/tests.py.
    - CVE-2022-41323

 -- Marc Deslauriers <email address hidden> Tue, 27 Sep 2022 09:35:14 -0400
Source diff to previous version
CVE-2022-41323 RESERVED

Version: 2:3.2.12-2ubuntu1.2 2022-08-04 18:06:26 UTC

  python-django (2:3.2.12-2ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential reflected file download
    - debian/patches/CVE-2022-36359.patch: escaped filename in
      Content-Disposition header in django/http/response.py,
      tests/responses/test_fileresponse.py.
    - CVE-2022-36359

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jul 2022 11:12:17 -0300
Source diff to previous version
CVE-2022-36359 An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...

Version: 2:3.2.12-2ubuntu1.1 2022-07-05 21:46:32 UTC

  python-django (2:3.2.12-2ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential SQL invjection
    - debian/patches/CVE-2022-34265.patch: protected
      trunc/extract against SQL injection in
      django/db/backends/base/operations.py,
      django/db/models/functions/datetime.py.
    - CVE-2022-34265

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 29 Jun 2022 09:29:53 -0300
CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...


About   -   Send Feedback to @ubuntu_updates