Package "python-django"
| Name: |
python-django
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- High-level Python web development framework (documentation)
- High-level Python web development framework
|
| Latest version: |
2:3.2.12-2ubuntu1.25 |
| Release: |
jammy (22.04) |
| Level: |
updates |
| Repository: |
main |
Links
Other versions of "python-django" in Jammy
Packages in group
Deleted packages are displayed in grey.
Changelog
|
python-django (2:3.2.12-2ubuntu1.25) jammy-security; urgency=medium
* SECURITY UPDATE: Username enumeration through timing difference in
mod_wsgi authentication handler
- debian/patches/CVE-2025-13473.patch: standardize timing of
check_password() in mod_wsgi auth handler in
django/contrib/auth/handlers/modwsgi.py,
tests/auth_tests/test_handlers.py.
- CVE-2025-13473
* SECURITY UPDATE: Potential denial-of-service vulnerability via repeated
headers when using ASGI
- debian/patches/CVE-2025-14550.patch: optimize repeated header parsing
in ASGI requests in django/core/handlers/asgi.py,
tests/asgi/tests.py.
- CVE-2025-14550
* SECURITY UPDATE: Potential SQL injection via raster lookups on PostGIS
- debian/patches/CVE-2026-1207.patch: prevent SQL injections in
RasterField lookups via band index in
django/contrib/gis/db/backends/postgis/operations.py,
tests/gis_tests/rasterapp/test_rasterfield.py.
- CVE-2026-1207
* SECURITY UPDATE: Potential denial-of-service vulnerability in
django.utils.text.Truncator HTML methods
- debian/patches/CVE-2026-1285.patch: mitigate potential DoS in
django.utils.text.Truncator for HTML input in django/utils/text.py,
tests/utils_tests/test_text.py.
- CVE-2026-1285
* SECURITY UPDATE: Potential SQL injection in column aliases via control
characters
- debian/patches/CVE-2026-1287.patch: protect against SQL injection in
column aliases via control characters in
django/db/models/sql/query.py, tests/aggregation/tests.py,
tests/annotations/tests.py, tests/queries/tests.py,
tests/expressions/test_queryset_values.py.
- CVE-2026-1287
-- Marc Deslauriers <email address hidden> Wed, 28 Jan 2026 08:16:57 -0500
|
| Source diff to previous version |
| CVE-2025-13473 |
Username enumeration through timing difference in mod_wsgi authentication handler |
| CVE-2025-14550 |
Potential denial-of-service vulnerability via repeated headers when using ASGI |
| CVE-2026-1207 |
Potential SQL injection via raster lookups on PostGIS |
| CVE-2026-1285 |
Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods |
| CVE-2026-1287 |
Potential SQL injection in column aliases via control characters |
|
|
python-django (2:3.2.12-2ubuntu1.24) jammy-security; urgency=medium
* SECURITY UPDATE: SQL injection in FilteredRelation column aliases on
PostgreSQL
- debian/patches/CVE-2025-13372.patch: protect FilteredRelation against
SQL injection in column aliases in
django/db/backends/postgresql/compiler.py,
django/db/backends/postgresql/operations.py,
tests/annotations/tests.py.
- CVE-2025-13372
* SECURITY UPDATE: DoS vulnerability in XML serializer text extraction
- debian/patches/CVE-2025-64460.patch: corrected quadratic inner text
accumulation in XML serializer in
django/core/serializers/xml_serializer.py,
docs/topics/serialization.txt,
tests/serializers/test_xml.py.
- CVE-2025-64460
-- Marc Deslauriers <email address hidden> Wed, 26 Nov 2025 11:43:28 -0500
|
| Source diff to previous version |
| CVE-2025-13372 |
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ... |
| CVE-2025-64460 |
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4. ... |
|
|
python-django (2:3.2.12-2ubuntu1.23) jammy-security; urgency=medium
* SECURITY UPDATE: Potential SQL injection in QuerySet and Q objects
- debian/patches/CVE-2025-62769-1.patch: Add connects and checks for them
in django/db/models/query_utils.py.
- debian/patches/CVE-2025-62769-2.patch: Add PROHIBITED_FILTER_KWARGS and
check for them in django/db/models/query.py.
- CVE-2025-62769
-- Hlib Korzhynskyy <email address hidden> Thu, 30 Oct 2025 11:56:36 -0230
|
| Source diff to previous version |
|
python-django (2:3.2.12-2ubuntu1.22) jammy-security; urgency=medium
* SECURITY UPDATE: Potential SQL injection
- debian/patches/CVE-2025-59681.patch: protect against SQL injection in
django/db/models/sql/query.py, tests/aggregation/tests.py,
tests/annotations/tests.py,
tests/expressions/test_queryset_values.py, tests/queries/tests.py.
- CVE-2025-59681
* SECURITY UPDATE: Potential partial directory-traversal
- debian/patches/CVE-2025-59682.patch: validate path in
django/utils/archive.py, tests/utils_tests/test_archive.py.
- CVE-2025-59682
-- Marc Deslauriers <email address hidden> Wed, 24 Sep 2025 12:28:31 -0400
|
| Source diff to previous version |
| CVE-2025-59681 |
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggrega |
| CVE-2025-59682 |
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by th |
|
|
python-django (2:3.2.12-2ubuntu1.21) jammy-security; urgency=medium
* SECURITY UPDATE: SQL injection
- debian/patches/CVE-2025-57833.patch: protected
FilteredRelation against SQL injection in column
aliases in django/db/models/sql/query.py,
tests/annotations/tests.py.
- debian/patches/skipping_tests.patch: skipping
FTBFS tests test_strip_tags.
- CVE-2025-57833
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 01 Sep 2025 13:01:20 -0300
|
About
-
Send Feedback to @ubuntu_updates
