Colin Watson uploaded new packages for python-django which fixed the following security problems:

CVE-2025-32873

    Denial-of-service possibility in strip_tags(). django.utils.html.strip_tags() would be slow to evaluate certain inputs containing large sequences of incomplete HTML tags. This function is used to implement the striptags template filter, which was therefore also vulnerable. strip_tags() now raises a SuspiciousOperation exception if it encounters an unusually large number of unclosed opening tags.

For the bookworm-backports distribution the problem has been fixed in version 3:4.2.21-1~bpo12+1.

-- 
Colin Watson (he/him) [cjwatson@debian.org]