Package "python-django"
| Name: |
python-django
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- High-level Python web development framework (documentation)
- High-level Python web development framework
|
| Latest version: |
3:5.2.9-0ubuntu4.1 |
| Release: |
resolute (26.04) |
| Level: |
security |
| Repository: |
main |
Links
Other versions of "python-django" in Resolute
Packages in group
Deleted packages are displayed in grey.
Changelog
|
python-django (3:5.2.9-0ubuntu4.1) resolute-security; urgency=medium
* SECURITY UPDATE: Potential denial-of-service vulnerability in ASGI
requests via file upload limit bypass
- debian/patches/CVE-2026-5766.patch: enforce
DATA_UPLOAD_MAX_MEMORY_SIZE in MemoryFileUploadHandler on ASGI in
django/core/files/uploadhandler.py, tests/asgi/tests.py,
tests/requests_tests/tests.py.
- CVE-2026-5766
* SECURITY UPDATE: Session fixation via public cached pages and
SESSION_SAVE_EVERY_REQUEST
- debian/patches/CVE-2026-35192.patch: ensure Vary header is sent when
setting session cookie with SESSION_SAVE_EVERY_REQUEST=True in
django/contrib/sessions/middleware.py, tests/sessions_tests/tests.py.
- CVE-2026-35192
* SECURITY UPDATE: Potential exposure of private data due to incorrect
handling of Vary: * in UpdateCacheMiddleware
- debian/patches/CVE-2026-6907.patch: prevent caching of requests when
Vary header contains an asterisk in django/middleware/cache.py,
tests/cache/tests.py.
- CVE-2026-6907
-- Marc Deslauriers <email address hidden> Tue, 28 Apr 2026 13:35:31 -0400
|
About
-
Send Feedback to @ubuntu_updates
