[SECURITY] [DLA 4086-1] python-django security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4086-1] python-django security update
From: "Chris Lamb" <lamby@debian.org>
Date: Wed, 19 Mar 2025 17:51:24 +0000
Message-id: <[🔎] 174240022733.15293.9421635144536064735@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4086-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
March 19, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : python-django
Version        : 2:2.2.28-1~deb11u6
CVE ID         : CVE-2025-26699
Debian Bug     : 1099682

It was discovered that there was a potential denial-of-service (DoS)
vulnerability in Django, a Python-based web development framework.

The issue was situated in the wrap() method of the django.utils.text
module. This method and the wordwrap template filter were subject to
a potential DoS attack when used with very long strings.

For Debian 11 bullseye, this problem has been fixed in version
2:2.2.28-1~deb11u6.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmfa6uEACgkQHpU+J9Qx
HlinZQ/+JsDDH/tF8+i2DtjUAk58rLggvA9M+tlXZgmtoyzsDFB8amj8v2fFbnNW
kPTR30lEbg0N2La+XyPDXdcvpmh2L8VedXXm4JH7V2369awoshAarxMyWb6y2KXc
h7k7P89NOiEo8srBAtE1IEAkBrbmhZwiLKISSs1R2pwXErjyb9C3TJVQf4iVGrIz
Iz3vDg2SjPRrORA+iAk2kfEUSC3+5uUB1YJoR6ATDny/yKMRcGnvNLWw5Ifpq4lQ
+zQUyl+YB3Wa/hlCwHBN/yrfg6LaON29LHHkfp3TXlwPFXSQmhRVuhxVSZafCYOk
v/oAV6H6OnL1FqeJk9KUyX/9rGwU0R19iMX8hfCt1l7WjuckT51ShY6Pt6N+TiEa
kmiSm700D/mfIVB77vHiE5oVu4ozpFklYdiaLkWwBkMthdLd5JiZVeqSJ5NmFNG0
v09Wp6Z/M9QlJ+hLtavcXXJ06UaS7JTz2CgW5ujcEmsaV20tqbstVc7zEK6iMvsy
i5eIrFgfVqQMgL8+oRDBvBccOw/K7av4ODuVLak0ULOAx3A6bphDnnrn0ItIVIHf
t6bpxDHtWBdhQigetlNZo/j+10dFcLjF53jMHVHQzeURxrGW8oEJG1BWsIR6Rt97
//B0Wn8+RYYo+dsXKGN3Qjmw/vOH+N0uGqh1Ant5jOUDc9N6uwI=
=dzBZ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4085-1] tzdata new timezone database
Next by Date: [SECURITY] [DLA 4087-1] python3.9 security update
Previous by thread: [SECURITY] [DLA 4085-1] tzdata new timezone database
Next by thread: [SECURITY] [DLA 4087-1] python3.9 security update
Index(es):
- Date
- Thread