UbuntuUpdates.org

Package "python-django-doc"

Name: python-django-doc

Description:

High-level Python web development framework (documentation)
Latest version: 3:5.2.9-0ubuntu4.1
Release: resolute (26.04)
Level: security
Repository: main
Head package: python-django
Homepage: http://www.djangoproject.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python-django-doc"

All arch deb package
APT INSTALL

Other versions of "python-django-doc" in Resolute

Repository Area Version
base main 3:5.2.9-0ubuntu4
updates main 3:5.2.9-0ubuntu4.1

Changelog

Version: 3:5.2.9-0ubuntu4.1 2026-05-05 16:07:39 UTC

  python-django (3:5.2.9-0ubuntu4.1) resolute-security; urgency=medium

  * SECURITY UPDATE: Potential denial-of-service vulnerability in ASGI
    requests via file upload limit bypass
    - debian/patches/CVE-2026-5766.patch: enforce
      DATA_UPLOAD_MAX_MEMORY_SIZE in MemoryFileUploadHandler on ASGI in
      django/core/files/uploadhandler.py, tests/asgi/tests.py,
      tests/requests_tests/tests.py.
    - CVE-2026-5766
  * SECURITY UPDATE: Session fixation via public cached pages and
    SESSION_SAVE_EVERY_REQUEST
    - debian/patches/CVE-2026-35192.patch: ensure Vary header is sent when
      setting session cookie with SESSION_SAVE_EVERY_REQUEST=True in
      django/contrib/sessions/middleware.py, tests/sessions_tests/tests.py.
    - CVE-2026-35192
  * SECURITY UPDATE: Potential exposure of private data due to incorrect
    handling of Vary: * in UpdateCacheMiddleware
    - debian/patches/CVE-2026-6907.patch: prevent caching of requests when
      Vary header contains an asterisk in django/middleware/cache.py,
      tests/cache/tests.py.
    - CVE-2026-6907

 -- Marc Deslauriers <email address hidden> Tue, 28 Apr 2026 13:35:31 -0400


About   -   Send Feedback to @ubuntu_updates