[SECURITY] [DSA 5465-1] python-django security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5465-1] python-django security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 3 Aug 2023 20:45:41 +0000
Message-id: <[🔎] ZMwR9Sk89lFyUjY8@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5465-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 03, 2023                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2023-36053

Seokchan Yoon discovered that missing sanitising in the email and URL
validators of Django, a Python web development framework, could result
in denial of service.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2:2.2.28-1~deb11u2. This update also addresses CVE-2023-23969,
CVE-2023-31047 and CVE-2023-24580.

For the stable distribution (bookworm), this problem has been fixed in
version 3:3.2.19-1+deb12u1.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTMEXoACgkQEMKTtsN8
TjYgbA//QyvH70qUWpZtGBT19rQ8JQdcHCdh/FqlsosbYFwKwc+jZNfqyZWr45oM
VKQvi8vggxPGXs9LfQb1LhWxsBzhNzCrvN24z7vSqWNensHVBA3NNaGkSDASsIXF
Z/LvO0bMjdk0QQ5774CjhoixTBx5SmYy/oapTNeHrZv8geF+E5ga3+r2/lDLNZEf
IFFMkfJRhoXuKS/cKKtfDnz37YDr0a8tAXDb/RbGvfu4igjDLWCMnq2aOmx2UaS2
euvOlWknhv0r72Skp8ipLx5ykcEJ4WmD3LuNZbXZQNqbsYO9FX2yoXGJqwnuLvTH
g/JCnYwrkUEDTcBAY8pbQ/MRM4yIYRxqEnQEyV8HIouajLgFKDtCJCG7Rii/axav
cnBiNqgnp8Vg6/F0jKjJOEe4lnVl7xufAQcLTs2aUk9B2WlqKEpAF2xgPc1SdPXe
tdXy57N2R20Ft3jOS/s2V5YaButrGB0bKa7ktkpSez6Cr9FpNGSSP9G6sjoggRFc
DSwHR9FIsX68cHE9DsCVE5J1PLAbJwqQiGl7s1ViDf1Ab4mMmdShPMOWB4mX57wx
TcoAdxts6wgjotNwjEwOPEhYOSSAwxjGgeTvs3La4+nrjpFcq7Hg2Ot/FNBq0WsD
st/oPfeZ/Lt/teUT36m5crWOovRMAAXKMSpg/KQ8L9b3HDrlwUE=
=ozYQ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5464-1] firefox-esr security update
Next by Date: [SECURITY] [DSA 5466-1] ntpsec security update
Previous by thread: [SECURITY] [DSA 5464-1] firefox-esr security update
Next by thread: [SECURITY] [DSA 5466-1] ntpsec security update
Index(es):
- Date
- Thread