Colin Watson uploaded new packages for python-django which fixed the
following security problems:

CVE-2025-32873

Denial-of-service possibility in strip_tags().

django.utils.html.strip_tags() would be slow to evaluate certain
inputs containing large sequences of incomplete HTML tags. This
function is used to implement the striptags template filter, which
was therefore also vulnerable. strip_tags() now raises a
SuspiciousOperation exception if it encounters an unusually large
number of unclosed opening tags.

For the bookworm-backports distribution the problem has been fixed in
version 3:4.2.21-1~bpo12+1.
--
Colin Watson (he/him) [cjwatson@debian.org]