UbuntuUpdates.org

Package "python-django-common"

Name: python-django-common

Description:

High-level Python web development framework (common)

Latest version: 1:1.11.11-1ubuntu1.21
Release: bionic (18.04)
Level: security
Repository: main
Head package: python-django
Homepage: http://www.djangoproject.com/

Other versions of "python-django-common" in Bionic

Repository Area Version
base main 1:1.11.11-1ubuntu1
updates main 1:1.11.11-1ubuntu1.21

Changelog

Version: 1:1.11.11-1ubuntu1.21 2023-05-03 15:07:14 UTC

  python-django (1:1.11.11-1ubuntu1.21) bionic-security; urgency=medium

  * SECURITY UPDATE: Potential bypass of validation when uploading multiple
    files using one form field
    - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files
      in django/forms/widgets.py, docs/topics/http/file-uploads.txt,
      tests/forms_tests/field_tests/test_filefield.py,
      tests/forms_tests/widget_tests/test_clearablefileinput.py,
      tests/forms_tests/widget_tests/test_fileinput.py.
    - CVE-2023-31047

 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 10:05:28 -0400

CVE-2023-31047 RESERVED

Version: 1:1.11.11-1ubuntu1.20 2023-02-14 15:07:03 UTC

  python-django (1:1.11.11-1ubuntu1.20) bionic-security; urgency=medium

  * SECURITY UPDATE: Potential denial-of-service in file uploads
    - debian/patches/CVE-2023-24580.patch: add limits to
      django/conf/global_settings.py, django/core/exceptions.py,
      django/core/handlers/exception.py, django/http/multipartparser.py,
      django/http/request.py, docs/ref/exceptions.txt,
      docs/ref/settings.txt, tests/handlers/test_exception.py,
      tests/requests/test_data_upload_settings.py.
    - CVE-2023-24580

 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 10:30:23 -0500

Version: 1:1.11.11-1ubuntu1.19 2023-02-01 15:07:11 UTC

  python-django (1:1.11.11-1ubuntu1.19) bionic-security; urgency=medium

  * SECURITY UPDATE: Potential DoS via Accept-Language headers
    - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language
      headers in django/utils/translation/trans_real.py,
      tests/i18n/tests.py.
    - CVE-2023-23969

 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:45:22 -0500

Version: 1:1.11.11-1ubuntu1.18 2022-07-05 21:45:36 UTC

  python-django (1:1.11.11-1ubuntu1.18) bionic-security; urgency=medium

  * SECURITY UPDATE: Potential SQL injection
    - debian/patches/CVE-2022-34265.patch: protected
      trunc/extract against SQL injection in
      django/db/backends/base/operations.py,
      django/db/models/functions/datetime.py.
    - CVE-2022-34265

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 29 Jun 2022 15:19:32 -0300

CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...

Version: 1:1.11.11-1ubuntu1.17 2022-04-11 12:06:18 UTC

  python-django (1:1.11.11-1ubuntu1.17) bionic-security; urgency=medium

  * SECURITY UPDATE: Potential SQL injection in QuerySet.annotate(),
    aggregate(), and extra()
    - debian/patches/CVE-2022-28346.patch: prevent SQL injection in column
      aliases in django/db/models/sql/query.py, tests/aggregation/tests.py,
      tests/annotations/tests.py, tests/queries/tests.py,
      tests/expressions/test_queryset_values.py.
    - CVE-2022-28346
  * SECURITY UPDATE: header injection in URLValidator with Python security
    update
    - debian/patches/CVE-2021-32052.patch: prevent newlines and tabs from
      being accepted in URLValidator in django/core/validators.py,
      tests/validators/tests.py.
    - CVE-2021-32052

 -- Marc Deslauriers <email address hidden> Tue, 05 Apr 2022 12:40:49 -0400

CVE-2022-28346 Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
CVE-2021-32052 In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless t


