[ubuntu/mantic-security] python-django 3:4.2.4-1ubuntu2.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jul 9 16:55:31 UTC 2024
python-django (3:4.2.4-1ubuntu2.3) mantic-security; urgency=medium
* SECURITY UPDATE: DoS in django.utils.html.urlize()
- debian/patches/CVE-2024-38875.patch: mitigated potential DoS in
urlize and urlizetrunc template filters in django/utils/html.py,
tests/utils_tests/test_html.py.
- CVE-2024-38875
* SECURITY UPDATE: username enumeration via timing issue
- debian/patches/CVE-2024-39329.patch: standarized timing of
verify_password() when checking unusable passwords in
django/contrib/auth/hashers.py, tests/auth_tests/test_hashers.py.
- CVE-2024-39329
* SECURITY UPDATE: directory-traversal via Storage.save()
- debian/patches/CVE-2024-39330.patch: added extra file name validation
in Storage's save method in django/core/files/storage/base.py,
django/core/files/utils.py, tests/file_storage/test_base.py,
tests/file_storage/tests.py, tests/file_uploads/tests.py.
- CVE-2024-39330
* SECURITY UPDATE: DoS in get_supported_language_variant()
- debian/patches/CVE-2024-39614.patch: mitigated potential DoS in
django/utils/translation/trans_real.py, docs/ref/utils.txt,
tests/i18n/tests.py.
- CVE-2024-39614
Date: 2024-07-05 15:09:11.099927+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/3:4.2.4-1ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the mantic-changes
mailing list