[ubuntu-cloud-archive/ussuri-proposed] python-django (Accepted)
Corey Bryant
corey.bryant at canonical.com
Fri May 28 12:37:34 UTC 2021
python-django (2:2.2.12-1ubuntu0.6~cloud0) bionic-ussuri; urgency=medium
.
* New update for the Ubuntu Cloud Archive.
.
python-django (2:2.2.12-1ubuntu0.6) focal-security; urgency=medium
.
* SECURITY UPDATE: Potential directory-traversal via uploaded files
- debian/patches/CVE-2021-31542.patch: tighten path & file name
sanitation in file uploads in django/core/files/storage.py,
django/core/files/uploadedfile.py, django/core/files/utils.py,
django/db/models/fields/files.py, django/http/multipartparser.py,
django/utils/text.py, tests/file_storage/test_generate_filename.py,
tests/file_uploads/tests.py, tests/utils_tests/test_text.py,
tests/forms_tests/field_tests/test_filefield.py.
- CVE-2021-31542
Date: Tue, 04 May 2021 11:37:39 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: Corey Bryant <corey.bryant at canonical.com>
More information about the Cloud-archive-changes
mailing list