Package "python-django"

Name:	python-django
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: High-level Python web development framework (documentation) High-level Python web development framework
Latest version:	2:3.2.12-2ubuntu1.24
Release:	jammy (22.04)
Level:	updates
Repository:	main

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "python-django" in Jammy

Repository	Area	Version
base	main	2:3.2.12-2ubuntu1
security	main	2:3.2.12-2ubuntu1.24

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 2:3.2.12-2ubuntu1.24 2025-12-02 21:07:24 UTC

python-django (2:3.2.12-2ubuntu1.24) jammy-security; urgency=medium * SECURITY UPDATE: SQL injection in FilteredRelation column aliases on PostgreSQL - debian/patches/CVE-2025-13372.patch: protect FilteredRelation against SQL injection in column aliases in django/db/backends/postgresql/compiler.py, django/db/backends/postgresql/operations.py, tests/annotations/tests.py. - CVE-2025-13372 * SECURITY UPDATE: DoS vulnerability in XML serializer text extraction - debian/patches/CVE-2025-64460.patch: corrected quadratic inner text accumulation in XML serializer in django/core/serializers/xml_serializer.py, docs/topics/serialization.txt, tests/serializers/test_xml.py. - CVE-2025-64460 -- Marc Deslauriers <email address hidden> Wed, 26 Nov 2025 11:43:28 -0500

Source diff to previous version

CVE-2025-13372	An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...
CVE-2025-64460	An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ...

Version: 2:3.2.12-2ubuntu1.23 2025-11-05 22:06:57 UTC

Version: 2:3.2.12-2ubuntu1.23	2025-11-05 22:06:57 UTC
python-django (2:3.2.12-2ubuntu1.23) jammy-security; urgency=medium * SECURITY UPDATE: Potential SQL injection in QuerySet and Q objects - debian/patches/CVE-2025-62769-1.patch: Add connects and checks for them in django/db/models/query_utils.py. - debian/patches/CVE-2025-62769-2.patch: Add PROHIBITED_FILTER_KWARGS and check for them in django/db/models/query.py. - CVE-2025-62769 -- Hlib Korzhynskyy <email address hidden> Thu, 30 Oct 2025 11:56:36 -0230
Source diff to previous version

python-django (2:3.2.12-2ubuntu1.23) jammy-security; urgency=medium * SECURITY UPDATE: Potential SQL injection in QuerySet and Q objects - debian/patches/CVE-2025-62769-1.patch: Add connects and checks for them in django/db/models/query_utils.py. - debian/patches/CVE-2025-62769-2.patch: Add PROHIBITED_FILTER_KWARGS and check for them in django/db/models/query.py. - CVE-2025-62769 -- Hlib Korzhynskyy <email address hidden> Thu, 30 Oct 2025 11:56:36 -0230

Source diff to previous version

Version: 2:3.2.12-2ubuntu1.22 2025-10-02 11:07:04 UTC

python-django (2:3.2.12-2ubuntu1.22) jammy-security; urgency=medium * SECURITY UPDATE: Potential SQL injection - debian/patches/CVE-2025-59681.patch: protect against SQL injection in django/db/models/sql/query.py, tests/aggregation/tests.py, tests/annotations/tests.py, tests/expressions/test_queryset_values.py, tests/queries/tests.py. - CVE-2025-59681 * SECURITY UPDATE: Potential partial directory-traversal - debian/patches/CVE-2025-59682.patch: validate path in django/utils/archive.py, tests/utils_tests/test_archive.py. - CVE-2025-59682 -- Marc Deslauriers <email address hidden> Wed, 24 Sep 2025 12:28:31 -0400

Source diff to previous version

CVE-2025-59681	An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggrega
CVE-2025-59682	An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by th

Version: 2:3.2.12-2ubuntu1.21 2025-09-04 00:07:52 UTC

Version: 2:3.2.12-2ubuntu1.21	2025-09-04 00:07:52 UTC
python-django (2:3.2.12-2ubuntu1.21) jammy-security; urgency=medium * SECURITY UPDATE: SQL injection - debian/patches/CVE-2025-57833.patch: protected FilteredRelation against SQL injection in column aliases in django/db/models/sql/query.py, tests/annotations/tests.py. - debian/patches/skipping_tests.patch: skipping FTBFS tests test_strip_tags. - CVE-2025-57833 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 01 Sep 2025 13:01:20 -0300
Source diff to previous version

python-django (2:3.2.12-2ubuntu1.21) jammy-security; urgency=medium * SECURITY UPDATE: SQL injection - debian/patches/CVE-2025-57833.patch: protected FilteredRelation against SQL injection in column aliases in django/db/models/sql/query.py, tests/annotations/tests.py. - debian/patches/skipping_tests.patch: skipping FTBFS tests test_strip_tags. - CVE-2025-57833 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 01 Sep 2025 13:01:20 -0300

Source diff to previous version

Version: 2:3.2.12-2ubuntu1.20 2025-06-16 18:07:30 UTC

python-django (2:3.2.12-2ubuntu1.20) jammy-security; urgency=medium * SECURITY UPDATE: Prevented log injection - debian/patches/CVE-2025-48432-2.patch: prevented log injection in remaining response logging in django/views/generic/base.py, test/generic_views/test_base.py (LP: #2113924) -- Leonidas Da Silva Barbosa <email address hidden> Wed, 11 Jun 2025 16:31:28 -0300

2113924	Incomplete fix for CVE-2025-48432
CVE-2025-48432	Potential log injection via unescaped request path

About - Send Feedback to @ubuntu_updates

Package "python-django"

Links

Other versions of "python-django" in Jammy

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

proposed

PPA updates