[ubuntu/focal-updates] python-django 2:2.2.12-1ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jun 3 12:28:22 UTC 2020


python-django (2:2.2.12-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Potential data leakage via malformed memcached keys
    - debian/patches/CVE-2020-13254.patch: enforced cache key validation in
      memcached backends in django/core/cache/__init__.py,
      django/core/cache/backends/base.py,
      django/core/cache/backends/memcached.py, tests/cache/tests.py.
    - CVE-2020-13254
  * SECURITY UPDATE: Possible XSS via admin ForeignKeyRawIdWidget
    - debian/patches/CVE-2020-13596.patch: fixed potential XSS in admin
      ForeignKeyRawIdWidget in django/contrib/admin/widgets.py,
      tests/admin_widgets/models.py, tests/admin_widgets/tests.py. 
    - CVE-2020-13596

Date: 2020-05-29 12:36:16.860025+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list