[ubuntu/focal-security] python-django 2:2.2.12-1ubuntu0.6 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue May 4 10:51:50 UTC 2021
python-django (2:2.2.12-1ubuntu0.6) focal-security; urgency=medium
* SECURITY UPDATE: Potential directory-traversal via uploaded files
- debian/patches/CVE-2021-31542.patch: tighten path & file name
sanitation in file uploads in django/core/files/storage.py,
django/core/files/uploadedfile.py, django/core/files/utils.py,
django/db/models/fields/files.py, django/http/multipartparser.py,
django/utils/text.py, tests/file_storage/test_generate_filename.py,
tests/file_uploads/tests.py, tests/utils_tests/test_text.py,
tests/forms_tests/field_tests/test_filefield.py.
- CVE-2021-31542
Date: 2021-04-28 17:22:24.667034+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.6
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list