[SECURITY] [DLA 4030-1] python-django security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4030-1] python-django security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 23 Jan 2025 10:16:15 -0500 (EST)
Message-id: <[🔎] 173764534460.14557.3477960744621335455@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4030-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
January 23, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : python-django
Version        : 2:2.2.28-1~deb11u5
CVE ID         : CVE-2024-56374
Debian Bug     : 1093049

It was discovered that there was potential Denial of Service (DoS)
vulnerability in Django, the Python-based web development framework.

The lack of upper-bound limit enforcement in IPv6 validation could
have led to a potential denial-of-service attack. The undocumented
and private clean_ipv6_address and is_valid_ipv6_address functions
were vulnerable, as was the GenericIPAddressField form field.

For Debian 11 bullseye, this problem has been fixed in version
2:2.2.28-1~deb11u5.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmeSXR4ACgkQHpU+J9Qx
HlgPCg//aaTMBNIO95Eo6QtWcI+bS+1LccdfuehaZIojcH9XaSL3rmvLA8/WVXFO
1vYf33FnljQHHM8EQEaXhLXJgyuVwIr8uPCAeQeFld6GtKVt7lEVROn6M/slgF3p
/bgMPUHipaJQgM7nNSCMmV1Krhc9/+rWkXxTIGsdwpBo4TDnzn1YC5vbQFYF8PWI
Vqz/+tQIgjKCq1P8pAK6zbQKPJb7AbNr77x2eDdDcE/IQNktvePO7egSClqqkpR2
5lYteA30lVRhnln+D4ln7O3MdAAfpeWOTzljVl1dLS4GCZGEdhkzDXWdCbr3LHIX
6HHNOl2l13KXbQfdHYy81Kp2SxtJbbB/ib/SeMSMqOVh5UESVUkXtFpeeeGxotbP
+XeX/BxaaNrhYGJFreRU/M+g5VG5OzF+onFFLQvYihikCZ/gkJ780sx0lOXCxubk
1v2ihIpq9xnpl143kUf8PqhyTm8ffSG0L7SNBpH/s17ixk7ZjRsnxXY8axa9btWX
CDpKi3DwCURDz0eq6J9bBpvF+NB1c+mCIQhuRWyx3277UfDJ7HsU+5GJniSJROqP
HWGqJEQkiSmcthF8u4tUozXJcrjn7scXC3F/EuNk5Mg2klDbgqwGY5XEt24HonYa
l6ej4w/khukDzJG5L8D0Itj5Oi1OU/cELiCIn4oMUUvad9jSb+k=
=kr6D
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4029-1] frr security update
Next by Date: [SECURITY] [DLA 4031-1] git security update
Previous by thread: [SECURITY] [DLA 4029-1] frr security update
Next by thread: [SECURITY] [DLA 4031-1] git security update
Index(es):
- Date
- Thread