[ubuntu/plucky-proposed] python-django 3:5.1.4-1 (Accepted)

Lena Voytek lena.voytek at canonical.com
Tue Dec 17 01:51:45 UTC 2024


python-django (3:5.1.4-1) experimental; urgency=medium

  * New upstream security release:

    - CVE-2024-53907: Potential DoS in django.utils.html.strip_tags.
      The strip_tags() method and striptags template filter were subject to a
      potential denial-of-service attack via certain inputs containing large
      sequences of nested incomplete HTML entities.

    - CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle.
      Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle
      was subject to SQL injection if untrusted data is used as a lhs value.
      Applications that use the jsonfield.has_key lookup through the __ syntax
      are unaffected.

    <https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>

python-django (3:5.1.3-1) experimental; urgency=medium

  * New upstream bugfix release.
    <https://docs.djangoproject.com/en/5.1/releases/5.1.3/>
  * Refresh patches.

python-django (3:5.1.2-1) experimental; urgency=medium

  * New upstream bugfix release.
    <https://docs.djangoproject.com/en/5.1/releases/5.1.2/>

python-django (3:5.1.1-1) experimental; urgency=high

  * New upstream security release:

    - CVE-2024-45230: Potential denial-of-service vulnerability in
      django.utils.html.urlize(). urlize and urlizetrunc were subject to a
      potential denial-of-service attack via very large inputs with a specific
      sequence of characters.

    - CVE-2024-45231: Potential user email enumeration via response status on
      password reset. Due to unhandled email sending failures, the
      django.contrib.auth.forms.PasswordResetForm class allowed remote
      attackers to enumerate user emails by issuing password reset requests and
      observing the outcomes. To mitigate this risk, exceptions occurring
      during password reset email sending are now handled and logged using the
      django.contrib.auth logger.

  * Bump Standards-Version to 4.7.0.

python-django (3:5.1-1) experimental; urgency=medium

  * New upstream 5.1 release.
    <https://www.djangoproject.com/weblog/2024/aug/07/django-51-released/>

python-django (3:5.1~rc1-1) experimental; urgency=medium

  * New upstream 5.1 release candidate.
    <https://www.djangoproject.com/weblog/2024/jul/24/django-51-rc1/>

python-django (3:5.1~beta1-1) experimental; urgency=medium

  * New upstream beta release.
    <https://www.djangoproject.com/weblog/2024/jun/26/django-51-beta-1-released/>
  * Add pybuild-plugin-pyproject to Build-Depends.

python-django (3:5.1~alpha1-1) experimental; urgency=medium

  * New upstream experimental alpha release.
    <https://www.djangoproject.com/weblog/2024/may/22/django-51-alpha-1-released/>
  * Refresh patches.

python-django (3:5.0.6-1) experimental; urgency=medium

  * New upstream bugfix release, incorporating changes from 5.0.5 as well.
    <https://docs.djangoproject.com/en/5.0/releases/5.0.5/>
    <https://docs.djangoproject.com/en/5.0/releases/5.0.6/>

python-django (3:5.0.4-1) experimental; urgency=medium

  * New upstream bugfix release.
    <https://docs.djangoproject.com/en/dev/releases/5.0.4/>

python-django (3:5.0.3-1) experimental; urgency=medium

  * New upstream security release:

    - CVE-2024-27351: Fix a potential regular expression denial-of-service
      (ReDoS) attack in django.utils.text.Truncator.words. This method
      (with html=True) and the truncatewords_html template filter were subject
      to a potential regular expression denial-of-service attack via a suitably
      crafted string. This is, in part, a follow-up to CVE-2019-14232 and
      CVE-2023-43665.

    <https://docs.djangoproject.com/en/dev/releases/5.0.3/>

python-django (3:5.0.2-1) experimental; urgency=medium

  * New upstream security release:

    - CVE-2024-24680: Potential denial-of-service in intcomma template filter.
      The intcomma template filter was subject to a potential denial-of-service
      attack when used with very long strings.

    <https://docs.djangoproject.com/en/dev/releases/5.0.2/>

python-django (3:5.0.1-1) experimental; urgency=medium

  * New upstream bugfix release.
    <https://docs.djangoproject.com/en/dev/releases/5.0.1/>

python-django (3:5.0-1) experimental; urgency=medium

  * New upstream stable release.
    <https://docs.djangoproject.com/en/5.0/releases/5.0/>

python-django (3:5.0~rc1-1) experimental; urgency=medium

  * New upstream RC1 release.
    <https://www.djangoproject.com/weblog/2023/nov/20/django-50-rc1/>

python-django (3:5.0~alpha1-1) experimental; urgency=medium

  * New upstream alpha release.
    <https://www.djangoproject.com/weblog/2023/sep/18/django-50-alpha-1-released/>
  * Refresh patches.

Date: 2024-12-04 22:27:27.527754+00:00
Signed-By: Lena Voytek <lena.voytek at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/3:5.1.4-1