[ubuntu/mantic-proposed] python-django 3:3.2.18-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed May 3 15:04:14 UTC 2023 

python-django (3:3.2.18-1ubuntu1) mantic; urgency=medium

  * SECURITY UPDATE: Potential bypass of validation when uploading multiple
    files using one form field
    - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files
      in django/forms/widgets.py, docs/topics/http/file-uploads.txt,
      tests/forms_tests/field_tests/test_filefield.py,
      tests/forms_tests/widget_tests/test_clearablefileinput.py,
      tests/forms_tests/widget_tests/test_fileinput.py.
    - CVE-2023-31047

Date: Wed, 26 Apr 2023 09:55:57 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/3:3.2.18-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 26 Apr 2023 09:55:57 -0400
Source: python-django
Built-For-Profiles: noudeb
Architecture: source
Version: 3:3.2.18-1ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 python-django (3:3.2.18-1ubuntu1) mantic; urgency=medium
 .
   * SECURITY UPDATE: Potential bypass of validation when uploading multiple
     files using one form field
     - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files
       in django/forms/widgets.py, docs/topics/http/file-uploads.txt,
       tests/forms_tests/field_tests/test_filefield.py,
       tests/forms_tests/widget_tests/test_clearablefileinput.py,
       tests/forms_tests/widget_tests/test_fileinput.py.
     - CVE-2023-31047
Checksums-Sha1:
 62d99129ec1b75fbb4a59bbfcba72d221b0ea13a 2914 python-django_3.2.18-1ubuntu1.dsc
 49c368fc0078c8901f086584c3b437327d7a71bb 41128 python-django_3.2.18-1ubuntu1.debian.tar.xz
 3216624ab59e6efe18d5967da940908f002c88df 14255 python-django_3.2.18-1ubuntu1_source.buildinfo
Checksums-Sha256:
 c6c9b9580c0819f85328c325458aed78e920980f473abe7cd3e5cbcc99555693 2914 python-django_3.2.18-1ubuntu1.dsc
 19c16463f5e304cd351d31b7896f246a512f5ce92e3a1c045d980b6969099cac 41128 python-django_3.2.18-1ubuntu1.debian.tar.xz
 303141c269825b5d639121a06acc9f46a1a4bcfb56e7328d829b2c6fbde3546d 14255 python-django_3.2.18-1ubuntu1_source.buildinfo
Files:
 29abeaa82d8289e89f0837b21851b369 2914 python optional python-django_3.2.18-1ubuntu1.dsc
 ad26400809d984afafe495ee88986189 41128 python optional python-django_3.2.18-1ubuntu1.debian.tar.xz
 bbe3f497f38d043ed2097f4529e8cb7a 14255 python optional python-django_3.2.18-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>

More information about the mantic-changes mailing list