
Accepted python-django 3:4.2.15-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 06 Aug 2024 16:59:24 +0100
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.15-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1078074
Changes:
 python-django (3:4.2.15-1) unstable; urgency=high
 .
   * New upstream security release. (Closes: #1078074)
 .
     - CVE-2024-41989: Memory exhaustion in django.utils.numberformat.
 .
       The floatformat template filter is subject to significant memory
       consumption when given a string representation of a number in
       scientific notation with a large exponent.
 .
     - CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize.
 .
       The urlize() and urlizetrunc() template filters are subject to a
       potential denial-of-service attack via very large inputs with a specific
       sequence of characters.
 .
     - CVE-2024-41991: Potential denial-of-service vulnerability in
       django.utils.html.urlize() and AdminURLFieldWidget
 .
       The urlize and urlizetrunc template filters, and the AdminURLFieldWidget
       widget, are subject to a potential denial-of-service attack via certain
       inputs with a very large number of Unicode characters.
 .
     - CVE-2024-42005: Potential SQL injection in QuerySet.values() and
       values_list()
 .
       QuerySet.values() and values_list() methods on models with a JSONField
       are subject to SQL injection in column aliases via a crafted JSON object
       key as a passed *arg.
 .
     <https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>
Checksums-Sha1:
 4bd0cedeed1f979c4f813b23b86ac33d1ef48c25 2764 python-django_4.2.15-1.dsc
 82d4afdf4c3210cf399eaebe287d4012a49444ff 10418066 python-django_4.2.15.orig.tar.gz
 e5aa8c698f26a9082c23ca6e0ca4ab9eeaae3a18 31908 python-django_4.2.15-1.debian.tar.xz
 3229700ef66c4163b1d7d798fc747b52aae8e4da 7594 python-django_4.2.15-1_amd64.buildinfo
Checksums-Sha256:
 d327f132aba6f910c023ac7882ae5bbe20c88fb533934f1d268a02ffc7444ae7 2764 python-django_4.2.15-1.dsc
 c77f926b81129493961e19c0e02188f8d07c112a1162df69bfab178ae447f94a 10418066 python-django_4.2.15.orig.tar.gz
 0117013cc1a87c09666f4ad03800a4a4ce0a7dcc18358137b26d1e0dc1d1b8ae 31908 python-django_4.2.15-1.debian.tar.xz
 4a80d44ea7f6b1fb67178b4e5d353500d07796e360e3d3d884ff054b8553cabd 7594 python-django_4.2.15-1_amd64.buildinfo
Files:
 8bdf32267a0dec045b7c27926cfdcafc 2764 python optional python-django_4.2.15-1.dsc
 a828465eb577e2b4c9a34b9839b33bef 10418066 python optional python-django_4.2.15.orig.tar.gz
 8532ac9623aab487d0c3b6ed21481427 31908 python optional python-django_4.2.15-1.debian.tar.xz
 4fd991f4a24303449e78a8a02f876a18 7594 python optional python-django_4.2.15-1_amd64.buildinfo

