[ubuntu/jammy-updates] python-django 2:3.2.12-2ubuntu1.13 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Aug 6 18:28:53 UTC 2024


python-django (2:3.2.12-2ubuntu1.13) jammy-security; urgency=medium

  * SECURITY UPDATE: Memory exhaustion issue
    - debian/patches/CVE-2024-41989-pre1.patch: fix loss of precision for
      Decimal values in floatformat filter in
      django/template/defaultfilters.py,
      tests/template_tests/filter_tests/test_floatformat.py.
    - debian/patches/CVE-2024-41989-pre2.patch: fix floatformat crash on
      zero with trailing zeros to zero decimal places in
      django/template/defaultfilters.py,
      tests/template_tests/filter_tests/test_floatformat.py.
    - debian/patches/CVE-2024-41989-pre3.patch: fix floatformat crash on
      zero with trailing zeros in django/template/defaultfilters.py,
      tests/template_tests/filter_tests/test_floatformat.py.
    - debian/patches/CVE-2024-41989.patch: prevent excessive memory
      consumption in floatformat in django/template/defaultfilters.py,
      tests/template_tests/filter_tests/test_floatformat.py.
    - CVE-2024-41989
  * SECURITY UPDATE: DoS vulnerability in django.utils.html.urlize()
    - debian/patches/CVE-2024-41990.patch: mitigate potential DoS in urlize
      and urlizetrunc template filters in django/utils/html.py,
      tests/utils_tests/test_html.py.
    - CVE-2024-41990
  * SECURITY UPDATE: DoS vulnerability in django.utils.html.urlize() and
    AdminURLFieldWidget
    - debian/patches/CVE-2024-41991.patch: prevented potential ReDoS
      in django/contrib/admin/widgets.py, django/utils/html.py,
      tests/admin_widgets/tests.py, tests/utils_tests/test_html.py.
    - CVE-2024-41991
  * SECURITY UPDATE: SQL injection in QuerySet.values() and values_list()
    - debian/patches/CVE-2024-42005.patch: mitigate QuerySet.values() SQL
      injection attacks against JSON fields in
      django/db/models/sql/query.py, tests/expressions/models.py,
      tests/expressions/test_queryset_values.py.
    - CVE-2024-42005

Date: 2024-07-31 15:17:22.998305+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.13
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list