-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 Dec 2024 16:55:05 +0000
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:5.1.4-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
python-django (3:5.1.4-1) experimental; urgency=medium
.
* New upstream security release:
.
- CVE-2024-53907: Potential DoS in django.utils.html.strip_tags.
The strip_tags() method and striptags template filter were subject to a
potential denial-of-service attack via certain inputs containing large
sequences of nested incomplete HTML entities.
.
- CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle
Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle
was subject to SQL injection if untrusted data is used as a lhs value.
Applications that use the jsonfield.has_key lookup through the __ syntax
are unaffected.
.
<https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>
Checksums-Sha1:
161fb4a49a727c42159762a787e4e572b86bfb2b 2783 python-django_5.1.4-1.dsc
6e47f95d8b22cfd314c8b2676b2f854016f498b5 10716397 python-django_5.1.4.orig.tar.gz
1894dc093e31f613a25e0a239b296533c7164cea 29540 python-django_5.1.4-1.debian.tar.xz
7be980d0b7dbec7a17c89d0a98fd17fa24e87345 8495 python-django_5.1.4-1_amd64.buildinfo
Checksums-Sha256:
9a296b20690a84b6e26573def5317652ae577905b80645688fd07138093d5d4f 2783 python-django_5.1.4-1.dsc
de450c09e91879fa5a307f696e57c851955c910a438a35e6b4c895e86bedc82a 10716397 python-django_5.1.4.orig.tar.gz
b6955235f7512234698d846be4a282fcbbe517b9e805c4f7b2c3cc5e9183496c 29540 python-django_5.1.4-1.debian.tar.xz
50cce4d59f47a87e1962a43e5d30f8b9403e8b0eab80d19c85c746ece0d3fc8f 8495 python-django_5.1.4-1_amd64.buildinfo
Files:
e3b6ab630351fcea266ef1d9b0b7147e 2783 python optional python-django_5.1.4-1.dsc
03ec3e0f2d6cbcb9eb11c629ca1c538b 10716397 python optional python-django_5.1.4.orig.tar.gz
a7839113510c999c4a97b0a93955cd8c 29540 python optional python-django_5.1.4-1.debian.tar.xz
d9f602df1d601700428979ae7f77b7d3 8495 python optional python-django_5.1.4-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmdQjC8ACgkQHpU+J9Qx
HlguRRAAm/bu3CGBSWOGIoxKNwOKDa+bzYfebmEmkFB5VQtOQGB8Sv2q1l+ggLPh
FrP8Fxa+iqDJchnnJN1qAv2UzBQqGlopIZL+b2JfvnvxuoBoBR7rS/0DfPUOyYHb
v/2t+d5pcTEb+/qv7BGB3E0Mu/e8rh5rH2vHAOri9RIMUk6j4C6ocpCGQL5ooo8P
xhYYTgk4eRf+fLocEM+Fi0tI1iBg9FRWjEfvW3dJpbE98h+IaTXa2Pscvm+wVe9N
jIMr97C0l4SCRoQazwUiOrpWQkskMCCfzgihSGzaZCqx8F6KmLPeWSSoU1dFEXyx
cusxCMfpZkeJvSttKC2o2A+swG54I0zjfspXa4JX9KChWeooc9sBpEKkd/6thq0O
awFYbyaMBze7ylrgn73f/hxhbGmtJIbb9G9QrDI1041R19XCGIxHWu1KqMNjTXxx
msx6cPtQIEoJdeLK4EwJGlSROjshGn6KJ+vr842OB6J9AGdCB+23mQYxgVAAPBUB
rOp3vGeztecEE6bYUSU9mosuxbLDW930FXeN4wxf1sZ7c9UUM0mYiZ7jn2bRL39E
6E+OZwDYPLQoeZ9z9a+UUsbu2wCgO3uBOpoYohuO2BN0hWHT4gPt0fPzMyfoLUbc
y8Zh4olgK+wh6rczN1yW4Q9iEokhcKydUXX10vq0M32LSwr2xiE=
=S11e
-----END PGP SIGNATURE-----
Attachment:
pgpUosI7M9M0z.pgp
Description: PGP signature