Package "python-django-doc"
Name: |
python-django-doc
|
Description: |
High-level Python web development framework (documentation)
|
Latest version: |
2:3.2.12-2ubuntu1.14 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
main |
Head package: |
python-django |
Homepage: |
http://www.djangoproject.com/ |
Links
Download "python-django-doc"
Other versions of "python-django-doc" in Jammy
Changelog
python-django (2:3.2.12-2ubuntu1.14) jammy-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2024-45230.patch: mitigate
potential DoS in urlize and urlizetrunc template filters
in django/utils/html.py,
tests/template_tests/filter_tests/test_urlize.py,
tests/utils_tests/test_html.py.
- CVE-2024-45230
* SECURITY UPDATE: User email enumeration
- debian/patches/CVE-2024-45231.patch: avoid
server error on password reset when email sending fails
in django/contrib/auth/forms.py,
tests/auth_tests/test_forms.py,
tests/mail/custombackend.py.
- CVE-2024-45231
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 27 Aug 2024 11:53:08 -0300
|
Source diff to previous version |
python-django (2:3.2.12-2ubuntu1.13) jammy-security; urgency=medium
* SECURITY UPDATE: Memory exhaustion issue
- debian/patches/CVE-2024-41989-pre1.patch: fix loss of precision for
Decimal values in floatformat filter in
django/template/defaultfilters.py,
tests/template_tests/filter_tests/test_floatformat.py.
- debian/patches/CVE-2024-41989-pre2.patch: fix floatformat crash on
zero with trailing zeros to zero decimal places in
django/template/defaultfilters.py,
tests/template_tests/filter_tests/test_floatformat.py.
- debian/patches/CVE-2024-41989-pre3.patch: fix floatformat crash on
zero with trailing zeros in django/template/defaultfilters.py,
tests/template_tests/filter_tests/test_floatformat.py.
- debian/patches/CVE-2024-41989.patch: prevent excessive memory
consumption in floatformat in django/template/defaultfilters.py,
tests/template_tests/filter_tests/test_floatformat.py.
- CVE-2024-41989
* SECURITY UPDATE: DoS vulnerability in django.utils.html.urlize()
- debian/patches/CVE-2024-41990.patch: mitigate potential DoS in urlize
and urlizetrunc template filters in django/utils/html.py,
tests/utils_tests/test_html.py.
- CVE-2024-41990
* SECURITY UPDATE: DoS vulnerability in django.utils.html.urlize() and
AdminURLFieldWidget
- debian/patches/CVE-2024-41991.patch: prevented potential ReDoS
in django/contrib/admin/widgets.py, django/utils/html.py,
tests/admin_widgets/tests.py, tests/utils_tests/test_html.py.
- CVE-2024-41991
* SECURITY UPDATE: SQL injection in QuerySet.values() and values_list()
- debian/patches/CVE-2024-42005.patch: mitigate QuerySet.values() SQL
injection attacks against JSON fields in
django/db/models/sql/query.py, tests/expressions/models.py,
tests/expressions/test_queryset_values.py.
- CVE-2024-42005
-- Marc Deslauriers <email address hidden> Wed, 31 Jul 2024 07:17:18 -0400
|
Source diff to previous version |
python-django (2:3.2.12-2ubuntu1.12) jammy-security; urgency=medium
* SECURITY UPDATE: DoS in django.utils.html.urlize()
- debian/patches/CVE-2024-38875.patch: mitigated potential DoS in
urlize and urlizetrunc template filters in django/utils/html.py,
tests/utils_tests/test_html.py.
- CVE-2024-38875
* SECURITY UPDATE: username enumeration via timing issue
- debian/patches/CVE-2024-39329.patch: standarized timing of
verify_password() when checking unusable passwords in
django/contrib/auth/hashers.py, tests/auth_tests/test_hashers.py.
- CVE-2024-39329
* SECURITY UPDATE: directory-traversal via Storage.save()
- debian/patches/CVE-2024-39330.patch: added extra file name validation
in Storage's save method in django/core/files/storage.py,
django/core/files/utils.py, tests/file_storage/test_base.py,
tests/file_storage/tests.py.
- CVE-2024-39330
* SECURITY UPDATE: DoS in get_supported_language_variant()
- debian/patches/CVE-2024-39614.patch: mitigated potential DoS in
django/utils/translation/trans_real.py, docs/ref/utils.txt,
tests/i18n/tests.py.
- CVE-2024-39614
-- Marc Deslauriers <email address hidden> Fri, 05 Jul 2024 08:01:05 -0400
|
Source diff to previous version |
python-django (2:3.2.12-2ubuntu1.11) jammy-security; urgency=medium
* SECURITY UPDATE: regular expression denial-of-service
- debian/patches/CVE-2024-27351.patch: prevented potential ReDoS in
Truncator.words() in django/utils/text.py,
tests/utils_tests/test_text.py.
- CVE-2024-27351
-- Marc Deslauriers <email address hidden> Mon, 26 Feb 2024 11:53:44 -0500
|
Source diff to previous version |
python-django (2:3.2.12-2ubuntu1.10) jammy-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2024-24680.patch: rewrite
regex logic to avoid DoS in django/contrib/humanize/templatetags
/humanize.py, tests/humanize_tests/tests.py.
- CVE-2024-24680
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 30 Jan 2024 13:25:10 -0300
|
About
-
Send Feedback to @ubuntu_updates