UbuntuUpdates.org

Package "python-django-doc"

Name: python-django-doc

Description:

High-level Python web development framework (documentation)
Latest version: 2:3.2.12-2ubuntu1.11
Release: jammy (22.04)
Level: security
Repository: main
Head package: python-django
Homepage: http://www.djangoproject.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python-django-doc"

All arch deb package
APT INSTALL

Other versions of "python-django-doc" in Jammy

Repository Area Version
base main 2:3.2.12-2ubuntu1
updates main 2:3.2.12-2ubuntu1.11

Changelog

Version: 2:3.2.12-2ubuntu1.6 2023-05-03 15:07:21 UTC

  python-django (2:3.2.12-2ubuntu1.6) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential bypass of validation when uploading multiple
    files using one form field
    - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files
      in django/forms/widgets.py, docs/topics/http/file-uploads.txt,
      tests/forms_tests/field_tests/test_filefield.py,
      tests/forms_tests/widget_tests/test_clearablefileinput.py,
      tests/forms_tests/widget_tests/test_fileinput.py.
    - CVE-2023-31047

 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 10:00:52 -0400
Source diff to previous version
CVE-2023-31047 RESERVED

Version: 2:3.2.12-2ubuntu1.5 2023-02-14 15:07:07 UTC

  python-django (2:3.2.12-2ubuntu1.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential denial-of-service in file uploads
    - debian/patches/CVE-2023-24580.patch: add limits to
      django/conf/global_settings.py, django/core/exceptions.py,
      django/core/handlers/exception.py, django/http/multipartparser.py,
      django/http/request.py, docs/ref/exceptions.txt,
      docs/ref/settings.txt, tests/handlers/test_exception.py,
      tests/requests/test_data_upload_settings.py.
    - CVE-2023-24580

 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 08:56:44 -0500
Source diff to previous version

Version: 2:3.2.12-2ubuntu1.4 2023-02-01 15:07:19 UTC

  python-django (2:3.2.12-2ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential DoS via Accept-Language headers
    - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language
      headers in django/utils/translation/trans_real.py,
      tests/i18n/tests.py.
    - CVE-2023-23969

 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:37:50 -0500
Source diff to previous version

Version: 2:3.2.12-2ubuntu1.3 2022-10-04 14:06:22 UTC

  python-django (2:3.2.12-2ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential DoS vulnerability in internationalized URLs
    - debian/patches/CVE-2022-41323.patch: Prevented locales being
      interpreted as regular expressions in django/urls/resolvers.py,
      tests/i18n/patterns/tests.py.
    - CVE-2022-41323

 -- Marc Deslauriers <email address hidden> Tue, 27 Sep 2022 09:35:14 -0400
Source diff to previous version
CVE-2022-41323 RESERVED

Version: 2:3.2.12-2ubuntu1.2 2022-08-04 18:06:26 UTC

  python-django (2:3.2.12-2ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential reflected file download
    - debian/patches/CVE-2022-36359.patch: escaped filename in
      Content-Disposition header in django/http/response.py,
      tests/responses/test_fileresponse.py.
    - CVE-2022-36359

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jul 2022 11:12:17 -0300
CVE-2022-36359 An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...


About   -   Send Feedback to @ubuntu_updates