UbuntuUpdates.org

Package "python-django-doc"

Name: python-django-doc

Description:

High-level Python web development framework (documentation)

Latest version: 2:2.2.12-1ubuntu0.22
Release: focal (20.04)
Level: updates
Repository: main
Head package: python-django
Homepage: http://www.djangoproject.com/

Links


Download "python-django-doc"


Other versions of "python-django-doc" in Focal

Repository Area Version
base main 2:2.2.12-1
security main 2:2.2.12-1ubuntu0.22

Changelog

Version: 2:2.2.12-1ubuntu0.17 2023-05-03 16:07:20 UTC

  python-django (2:2.2.12-1ubuntu0.17) focal-security; urgency=medium

  * SECURITY UPDATE: Potential bypass of validation when uploading multiple
    files using one form field
    - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files
      in django/forms/widgets.py, docs/topics/http/file-uploads.txt,
      tests/forms_tests/field_tests/test_filefield.py,
      tests/forms_tests/widget_tests/test_clearablefileinput.py,
      tests/forms_tests/widget_tests/test_fileinput.py.
    - CVE-2023-31047

 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 10:03:19 -0400

Source diff to previous version
CVE-2023-31047 RESERVED

Version: 2:2.2.12-1ubuntu0.16 2023-02-14 16:07:07 UTC

  python-django (2:2.2.12-1ubuntu0.16) focal-security; urgency=medium

  * SECURITY UPDATE: Potential denial-of-service in file uploads
    - debian/patches/CVE-2023-24580.patch: add limits to
      django/conf/global_settings.py, django/core/exceptions.py,
      django/core/handlers/exception.py, django/http/multipartparser.py,
      django/http/request.py, docs/ref/exceptions.txt,
      docs/ref/settings.txt, tests/handlers/test_exception.py,
      tests/requests/test_data_upload_settings.py.
    - CVE-2023-24580

 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 08:58:48 -0500

Source diff to previous version

Version: 2:2.2.12-1ubuntu0.15 2023-02-01 16:09:33 UTC

  python-django (2:2.2.12-1ubuntu0.15) focal-security; urgency=medium

  * SECURITY UPDATE: Potential DoS via Accept-Language headers
    - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language
      headers in django/utils/translation/trans_real.py,
      tests/i18n/tests.py.
    - CVE-2023-23969

 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:38:45 -0500

Source diff to previous version

Version: 2:2.2.12-1ubuntu0.14 2022-10-04 19:06:26 UTC

  python-django (2:2.2.12-1ubuntu0.14) focal-security; urgency=medium

  * SECURITY UPDATE: Potential DoS vulnerability in internationalized URLs
    - debian/patches/CVE-2022-41323.patch: Prevented locales being
      interpreted as regular expressions in django/urls/resolvers.py,
      tests/i18n/patterns/tests.py.
    - CVE-2022-41323

 -- Marc Deslauriers <email address hidden> Tue, 27 Sep 2022 09:37:54 -0400

Source diff to previous version
CVE-2022-41323 RESERVED

Version: 2:2.2.12-1ubuntu0.13 2022-08-04 19:07:53 UTC

  python-django (2:2.2.12-1ubuntu0.13) focal-security; urgency=medium

  * SECURITY UPDATE: Potential reflected file download
    - debian/patches/CVE-2022-36359.patch: escaped filename in
      Content-Disposition header in django/http/response.py,
      tests/responses/test_fileresponse.py.
    - CVE-2022-36359

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jul 2022 11:31:16 -0300

CVE-2022-36359 An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...



About   -   Send Feedback to @ubuntu_updates