[ubuntu/bionic-security] python-django 1:1.11.11-1ubuntu1.13 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue May 4 10:51:51 UTC 2021
python-django (1:1.11.11-1ubuntu1.13) bionic-security; urgency=medium
* SECURITY UPDATE: Potential directory-traversal via uploaded files
- debian/patches/CVE-2021-31542.patch: tighten path & file name
sanitation in file uploads in django/core/files/storage.py,
django/core/files/uploadedfile.py, django/core/files/utils.py,
django/db/models/fields/files.py, django/http/multipartparser.py,
django/utils/text.py, tests/file_storage/test_generate_filename.py,
tests/file_uploads/tests.py, tests/utils_tests/test_text.py,
tests/forms_tests/field_tests/test_filefield.py.
- CVE-2021-31542
Date: 2021-04-28 17:20:24.816021+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.13
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list