UbuntuUpdates.org

Package "python-django-doc"

Name: python-django-doc

Description:

High-level Python web development framework (documentation)

Latest version: 2:2.2.20-1
Release: hirsute (21.04)
Level: base
Repository: main
Head package: python-django
Homepage: http://www.djangoproject.com/

Links


Download "python-django-doc"


Other versions of "python-django-doc" in Hirsute

Repository Area Version
security main 2:2.2.20-1ubuntu0.2
updates main 2:2.2.20-1ubuntu0.2

Changelog

Version: 2:2.2.20-1 2021-04-10 18:07:17 UTC

  python-django (2:2.2.20-1) unstable; urgency=medium

  * New upstream security release:

    - CVE-2021-28658: The MultiPartParser class allowed directory-traversal
      via uploaded files via maliciously crafted filenames. (Closes: #986447)

 -- Chris Lamb <email address hidden> Tue, 06 Apr 2021 11:44:51 +0100

Source diff to previous version
986447 python-django: CVE-2021-28658
CVE-2021-28658 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably cr

Version: 2:2.2.19-1ubuntu1 2021-04-08 14:06:31 UTC

  python-django (2:2.2.19-1ubuntu1) hirsute; urgency=medium

  * SECURITY UPDATE: Potential directory-traversal via uploaded files
    - debian/patches/CVE-2021-28658.patch: properly sanitize filenames in
      django/http/multipartparser.py, tests/file_uploads/tests.py,
      tests/file_uploads/uploadhandler.py, tests/file_uploads/urls.py,
      tests/file_uploads/views.py.
    - CVE-2021-28658

 -- Marc Deslauriers <email address hidden> Tue, 06 Apr 2021 08:18:46 -0400

CVE-2021-28658 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably cr



About   -   Send Feedback to @ubuntu_updates