[ubuntu/noble-updates] python-django 3:4.2.11-1ubuntu1.4 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Dec 4 18:28:55 UTC 2024
python-django (3:4.2.11-1ubuntu1.4) noble-security; urgency=medium
* SECURITY UPDATE: Potential denial-of-service in
django.utils.html.strip_tags()
- debian/patches/CVE-2024-53907.patch: mitigated potential DoS in
strip_tags() in django/utils/html.py, tests/utils_tests/test_html.py.
- CVE-2024-53907
* SECURITY UPDATE: Potential SQL injection in HasKey(lhs, rhs) on Oracle
- debian/patches/CVE-2024-53908.patch: prevented SQL injections in
direct HasKeyLookup usage on Oracle in
django/db/models/fields/json.py,
tests/model_fields/test_jsonfield.py.
- CVE-2024-53908
Date: 2024-11-28 12:59:11.166522+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list