
[BSA-124] Security Update for python-django



Colin Watson uploaded new packages for python-django which fixed the
following security problems:

CVE-2025-32873

Denial-of-service possibility in strip_tags(). django.utils.html.strip_tags() would be slow to evaluate certain inputs containing large sequences of incomplete HTML tags. This function is used to implement the striptags template filter, which was therefore also vulnerable. strip_tags() now raises a SuspiciousOperation exception if it encounters an unusually large number of unclosed opening tags.

For the bookworm-backports distribution the problem has been fixed in
version 3:4.2.21-1~bpo12+1.

--
Colin Watson (he/him)                              [cjwatson@debian.org]
