Change log for python-django package in Ubuntu
1 → 50 of 365 results | First • Previous • Next • Last |
python-django (3:4.2.4-1ubuntu2) mantic; urgency=medium * SECURITY UPDATE: DoS possibility in django.utils.text.Truncator - debian/patches/CVE-2023-43665.patch: limit size of input strings in django/utils/text.py, tests/utils_tests/test_text.py, docs/ref/templates/builtins.txt. - CVE-2023-43665 -- Marc Deslauriers <email address hidden> Wed, 04 Oct 2023 13:53:21 -0400
Available diffs
python-django (2:2.2.12-1ubuntu0.20) focal-security; urgency=medium * SECURITY UPDATE: DoS possibility in django.utils.text.Truncator - debian/patches/CVE-2023-43665.patch: limit size of input strings in django/utils/text.py, tests/utils_tests/test_text.py. - CVE-2023-43665 -- Marc Deslauriers <email address hidden> Wed, 27 Sep 2023 13:37:46 -0400
python-django (2:3.2.12-2ubuntu1.9) jammy-security; urgency=medium * SECURITY UPDATE: DoS possibility in django.utils.text.Truncator - debian/patches/CVE-2023-43665.patch: limit size of input strings in django/utils/text.py, tests/utils_tests/test_text.py. - CVE-2023-43665 -- Marc Deslauriers <email address hidden> Wed, 27 Sep 2023 13:36:26 -0400
Available diffs
python-django (3:3.2.18-1ubuntu0.5) lunar-security; urgency=medium * SECURITY UPDATE: DoS possibility in django.utils.text.Truncator - debian/patches/CVE-2023-43665.patch: limit size of input strings in django/utils/text.py, tests/utils_tests/test_text.py. - CVE-2023-43665 -- Marc Deslauriers <email address hidden> Wed, 27 Sep 2023 13:00:07 -0400
Available diffs
python-django (3:4.2.4-1ubuntu1) mantic; urgency=medium * SECURITY UPDATE: DoS in django.utils.encoding.uri_to_iri() - debian/patches/CVE-2023-41164.patch: properly handle large number of Unicode characters in django/utils/encoding.py, tests/utils_tests/test_encoding.py. - CVE-2023-41164 -- Marc Deslauriers <email address hidden> Mon, 18 Sep 2023 14:41:43 -0400
Available diffs
python-django (2:2.2.12-1ubuntu0.19) focal-security; urgency=medium * SECURITY UPDATE: DoS in django.utils.encoding.uri_to_iri() - debian/patches/CVE-2023-41164.patch: properly handle large number of Unicode characters in django/utils/encoding.py, tests/utils_tests/test_encoding.py. - CVE-2023-41164 -- Marc Deslauriers <email address hidden> Fri, 15 Sep 2023 09:17:39 -0400
Available diffs
python-django (2:3.2.12-2ubuntu1.8) jammy-security; urgency=medium * SECURITY UPDATE: DoS in django.utils.encoding.uri_to_iri() - debian/patches/CVE-2023-41164.patch: properly handle large number of Unicode characters in django/utils/encoding.py, tests/utils_tests/test_encoding.py. - CVE-2023-41164 -- Marc Deslauriers <email address hidden> Fri, 15 Sep 2023 08:51:14 -0400
Available diffs
python-django (3:3.2.18-1ubuntu0.4) lunar-security; urgency=medium * SECURITY UPDATE: DoS in django.utils.encoding.uri_to_iri() - debian/patches/CVE-2023-41164.patch: properly handle large number of Unicode characters in django/utils/encoding.py, tests/utils_tests/test_encoding.py. - CVE-2023-41164 -- Marc Deslauriers <email address hidden> Fri, 15 Sep 2023 08:39:57 -0400
Available diffs
python-django (3:4.2.4-1) experimental; urgency=medium * New upstream bugfix release. <https://docs.djangoproject.com/en/4.2/releases/4.2.4/> -- Chris Lamb <email address hidden> Wed, 02 Aug 2023 07:53:39 +0100
Available diffs
- diff from 3:3.2.20-1.1 to 3:4.2.4-1 (4.3 MiB)
python-django (3:3.2.20-1.1) unstable; urgency=high [ Gianfranco Costamagna ] * Non-maintainer upload. [ Graham Inggs ] * Cherry-pick upstream commit to fix URLValidator crash in some edge cases (LP: #2025155, Closes: #1037920) -- Gianfranco Costamagna <email address hidden> Tue, 04 Jul 2023 09:31:10 +0200
Available diffs
Superseded in mantic-proposed |
python-django (3:3.2.20-1ubuntu1) mantic; urgency=low * Merge from Debian unstable. Remaining changes: - Cherry-pick upstream commit to fix URLValidator crash in some edge cases (LP: #2025155)
Available diffs
Superseded in mantic-proposed |
python-django (3:3.2.20-1) unstable; urgency=high * New upstream security release: - CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator. EmailValidator and URLValidator were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs. (Closes: #1040225) -- Chris Lamb <email address hidden> Mon, 03 Jul 2023 20:34:24 +0100
Available diffs
python-django (3:3.2.18-1ubuntu0.3) lunar-security; urgency=medium * SECURITY UPDATE: Potential ReDoS issues - debian/patches/CVE-2023-36053.patch: prevent potential ReDoS in EmailValidator and URLValidator in django/core/validators.py, django/forms/fields.py, docs/ref/forms/fields.txt, docs/ref/validators.txt, tests/forms_tests/field_tests/test_emailfield.py, tests/forms_tests/tests/test_forms.py, tests/validators/tests.py. - CVE-2023-36053 * debian/patches/fix-url-validator.patch: Cherry-pick upstream commit to fix URLValidator crash in some edge cases (LP: #2025155) -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2023 09:18:49 -0400
Available diffs
python-django (3:3.2.19-1ubuntu3) mantic; urgency=medium * Drop 2eb1f37260f0e0b71ef3a77eb5522d2bb68d6489.patch and 16729.patch, it seems these are no longer needed * Cherry-pick upstream commit to fix URLValidator crash in some edge cases (LP: #2025155) -- Graham Inggs <email address hidden> Wed, 28 Jun 2023 11:20:10 +0000
Available diffs
python-django (2:2.2.12-1ubuntu0.18) focal-security; urgency=medium * SECURITY UPDATE: Potential ReDoS issues - debian/patches/CVE-2023-36053-pre1.patch: fix URLValidator hostname length validation in django/core/validators.py, tests/validators/valid_urls.txt. - debian/patches/CVE-2023-36053.patch: prevent potential ReDoS in EmailValidator and URLValidator in django/core/validators.py, django/forms/fields.py, tests/forms_tests/field_tests/test_emailfield.py, tests/forms_tests/tests/test_forms.py, tests/validators/tests.py. - CVE-2023-36053 -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2023 09:40:09 -0400
Available diffs
python-django (3:3.2.15-1ubuntu1.4) kinetic-security; urgency=medium * SECURITY UPDATE: Potential ReDoS issues - debian/patches/CVE-2023-36053.patch: prevent potential ReDoS in EmailValidator and URLValidator in django/core/validators.py, django/forms/fields.py, docs/ref/forms/fields.txt, docs/ref/validators.txt, tests/forms_tests/field_tests/test_emailfield.py, tests/forms_tests/tests/test_forms.py, tests/validators/tests.py. - CVE-2023-36053 -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2023 09:23:46 -0400
Available diffs
python-django (2:3.2.12-2ubuntu1.7) jammy-security; urgency=medium * SECURITY UPDATE: Potential ReDoS issues - debian/patches/CVE-2023-36053.patch: prevent potential ReDoS in EmailValidator and URLValidator in django/core/validators.py, django/forms/fields.py, docs/ref/forms/fields.txt, docs/ref/validators.txt, tests/forms_tests/field_tests/test_emailfield.py, tests/forms_tests/tests/test_forms.py, tests/validators/tests.py. - CVE-2023-36053 -- Marc Deslauriers <email address hidden> Tue, 27 Jun 2023 09:24:13 -0400
Available diffs
python-django (3:3.2.19-1ubuntu2) mantic; urgency=medium * Cherry-pick 2eb1f37260f0e0b71ef3a77eb5522d2bb68d6489, another Python3.12 retro-compatible change. -- Gianfranco Costamagna <email address hidden> Thu, 04 May 2023 09:22:42 +0200
Available diffs
Superseded in mantic-proposed |
python-django (3:3.2.19-1ubuntu1) mantic; urgency=medium * debian/patches/16729.patch: - cherry-pick and adapt upstream Python3.12 test fix -- Gianfranco Costamagna <email address hidden> Thu, 04 May 2023 09:15:13 +0200
Available diffs
Superseded in mantic-proposed |
python-django (3:3.2.19-1) unstable; urgency=medium * New upstream security release. * CVE-2023-31047: Prevent a potential bypass of validation when uploading multiple files using one form field. Uploading multiple files using one form field has never been supported by forms.FileField or forms.ImageField as only the last uploaded file was validated. Unfortunately, Uploading multiple files topic suggested otherwise. In order to avoid the vulnerability, the ClearableFileInput and FileInput form widgets now raise ValueError when the multiple HTML attribute is set on them. To prevent the exception and keep the old behavior, set the allow_multiple_selected attribute to True. For more details on using the new attribute and handling of multiple files through a single field, see: <https://docs.djangoproject.com/en/stable/topics/http/file-uploads/#uploading-multiple-files> (Closes: #1035467) * Bump Standards-Version to 4.6.2. -- Chris Lamb <email address hidden> Wed, 03 May 2023 09:32:59 -0700
Available diffs
Superseded in mantic-proposed |
python-django (3:3.2.18-1ubuntu1) mantic; urgency=medium * SECURITY UPDATE: Potential bypass of validation when uploading multiple files using one form field - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files in django/forms/widgets.py, docs/topics/http/file-uploads.txt, tests/forms_tests/field_tests/test_filefield.py, tests/forms_tests/widget_tests/test_clearablefileinput.py, tests/forms_tests/widget_tests/test_fileinput.py. - CVE-2023-31047 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 09:55:57 -0400
Available diffs
python-django (1:1.11.11-1ubuntu1.21) bionic-security; urgency=medium * SECURITY UPDATE: Potential bypass of validation when uploading multiple files using one form field - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files in django/forms/widgets.py, docs/topics/http/file-uploads.txt, tests/forms_tests/field_tests/test_filefield.py, tests/forms_tests/widget_tests/test_clearablefileinput.py, tests/forms_tests/widget_tests/test_fileinput.py. - CVE-2023-31047 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 10:05:28 -0400
Available diffs
python-django (2:3.2.12-2ubuntu1.6) jammy-security; urgency=medium * SECURITY UPDATE: Potential bypass of validation when uploading multiple files using one form field - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files in django/forms/widgets.py, docs/topics/http/file-uploads.txt, tests/forms_tests/field_tests/test_filefield.py, tests/forms_tests/widget_tests/test_clearablefileinput.py, tests/forms_tests/widget_tests/test_fileinput.py. - CVE-2023-31047 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 10:00:52 -0400
Available diffs
python-django (2:2.2.12-1ubuntu0.17) focal-security; urgency=medium * SECURITY UPDATE: Potential bypass of validation when uploading multiple files using one form field - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files in django/forms/widgets.py, docs/topics/http/file-uploads.txt, tests/forms_tests/field_tests/test_filefield.py, tests/forms_tests/widget_tests/test_clearablefileinput.py, tests/forms_tests/widget_tests/test_fileinput.py. - CVE-2023-31047 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 10:03:19 -0400
Available diffs
python-django (3:3.2.18-1ubuntu0.1) lunar-security; urgency=medium * SECURITY UPDATE: Potential bypass of validation when uploading multiple files using one form field - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files in django/forms/widgets.py, docs/topics/http/file-uploads.txt, tests/forms_tests/field_tests/test_filefield.py, tests/forms_tests/widget_tests/test_clearablefileinput.py, tests/forms_tests/widget_tests/test_fileinput.py. - CVE-2023-31047 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 09:55:57 -0400
Available diffs
python-django (3:3.2.15-1ubuntu1.3) kinetic-security; urgency=medium * SECURITY UPDATE: Potential bypass of validation when uploading multiple files using one form field - debian/patches/CVE-2023-31047.patch: prevent uploading multiple files in django/forms/widgets.py, docs/topics/http/file-uploads.txt, tests/forms_tests/field_tests/test_filefield.py, tests/forms_tests/widget_tests/test_clearablefileinput.py, tests/forms_tests/widget_tests/test_fileinput.py. - CVE-2023-31047 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2023 09:58:35 -0400
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
python-django (3:3.2.18-1) unstable; urgency=high * New upstream security release: - CVE-2023-24580: Potential denial-of-service vulnerability in file uploads Passing certain inputs to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. The number of files parts parsed is now limited via the new DATA_UPLOAD_MAX_NUMBER_FILES setting. Thanks to Jakob Ackermann for the report. (Closes: #1031290) -- Chris Lamb <email address hidden> Tue, 14 Feb 2023 09:12:57 -0800
Available diffs
- diff from 3:3.2.16-1ubuntu2 (in Ubuntu) to 3:3.2.18-1 (12.2 KiB)
- diff from 3:3.2.17-1 to 3:3.2.18-1 (5.6 KiB)
python-django (1:1.11.11-1ubuntu1.20) bionic-security; urgency=medium * SECURITY UPDATE: Potential denial-of-service in file uploads - debian/patches/CVE-2023-24580.patch: add limits to django/conf/global_settings.py, django/core/exceptions.py, django/core/handlers/exception.py, django/http/multipartparser.py, django/http/request.py, docs/ref/exceptions.txt, docs/ref/settings.txt, tests/handlers/test_exception.py, tests/requests/test_data_upload_settings.py. - CVE-2023-24580 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 10:30:23 -0500
Available diffs
python-django (3:3.2.15-1ubuntu1.2) kinetic-security; urgency=medium * SECURITY UPDATE: Potential denial-of-service in file uploads - debian/patches/CVE-2023-24580.patch: add limits to django/conf/global_settings.py, django/core/exceptions.py, django/core/handlers/exception.py, django/http/multipartparser.py, django/http/request.py, docs/ref/exceptions.txt, docs/ref/settings.txt, tests/handlers/test_exception.py, tests/requests/test_data_upload_settings.py. - CVE-2023-24580 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 08:53:34 -0500
Available diffs
python-django (2:3.2.12-2ubuntu1.5) jammy-security; urgency=medium * SECURITY UPDATE: Potential denial-of-service in file uploads - debian/patches/CVE-2023-24580.patch: add limits to django/conf/global_settings.py, django/core/exceptions.py, django/core/handlers/exception.py, django/http/multipartparser.py, django/http/request.py, docs/ref/exceptions.txt, docs/ref/settings.txt, tests/handlers/test_exception.py, tests/requests/test_data_upload_settings.py. - CVE-2023-24580 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 08:56:44 -0500
Available diffs
python-django (2:2.2.12-1ubuntu0.16) focal-security; urgency=medium * SECURITY UPDATE: Potential denial-of-service in file uploads - debian/patches/CVE-2023-24580.patch: add limits to django/conf/global_settings.py, django/core/exceptions.py, django/core/handlers/exception.py, django/http/multipartparser.py, django/http/request.py, docs/ref/exceptions.txt, docs/ref/settings.txt, tests/handlers/test_exception.py, tests/requests/test_data_upload_settings.py. - CVE-2023-24580 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 08:58:48 -0500
Available diffs
Superseded in lunar-proposed |
python-django (3:3.2.17-1) unstable; urgency=medium * New security upstream release. <https://www.djangoproject.com/weblog/2023/feb/01/security-releases/> - CVE-2023-23969: Potential denial-of-service via Accept-Language headers The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if large header values are sent. In order to avoid this vulnerability, the Accept-Language header is now parsed up to a maximum length. (Closes: #1030251) * Drop 0010-Fixed-inspectdb.tests.InspectDBTestCase.test_custom_.patch; applied upstream. * Refresh all patches. -- Chris Lamb <email address hidden> Wed, 01 Feb 2023 08:01:01 -0800
Available diffs
python-django (3:3.2.16-1ubuntu2) lunar; urgency=medium * SECURITY UPDATE: Potential DoS via Accept-Language headers - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language headers in django/utils/translation/trans_real.py, tests/i18n/tests.py. - CVE-2023-23969 -- Marc Deslauriers <email address hidden> Wed, 01 Feb 2023 09:35:23 -0500
Available diffs
python-django (1:1.11.11-1ubuntu1.19) bionic-security; urgency=medium * SECURITY UPDATE: Potential DoS via Accept-Language headers - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language headers in django/utils/translation/trans_real.py, tests/i18n/tests.py. - CVE-2023-23969 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:45:22 -0500
Available diffs
python-django (2:3.2.12-2ubuntu1.4) jammy-security; urgency=medium * SECURITY UPDATE: Potential DoS via Accept-Language headers - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language headers in django/utils/translation/trans_real.py, tests/i18n/tests.py. - CVE-2023-23969 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:37:50 -0500
Available diffs
python-django (3:3.2.15-1ubuntu1.1) kinetic-security; urgency=medium * SECURITY UPDATE: Potential DoS via Accept-Language headers - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language headers in django/utils/translation/trans_real.py, tests/i18n/tests.py. - CVE-2023-23969 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:35:46 -0500
Available diffs
python-django (2:2.2.12-1ubuntu0.15) focal-security; urgency=medium * SECURITY UPDATE: Potential DoS via Accept-Language headers - debian/patches/CVE-2023-23969.patch: limit length of Accept-Language headers in django/utils/translation/trans_real.py, tests/i18n/tests.py. - CVE-2023-23969 -- Marc Deslauriers <email address hidden> Mon, 30 Jan 2023 08:38:45 -0500
Available diffs
python-django (3:3.2.16-1ubuntu1) lunar; urgency=medium * d/p/0012-Add-Python-3.11-support-for-tests.patch: Make unit tests compatible with Python 3.11 to fix build errors (LP: #2002012) -- Lena Voytek <email address hidden> Fri, 06 Jan 2023 11:02:03 -0700
Available diffs
Superseded in lunar-release |
Published in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
python-django (3:3.2.15-1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: Potential DoS vulnerability in internationalized URLs - debian/patches/CVE-2022-41323.patch: Prevented locales being interpreted as regular expressions in django/urls/resolvers.py, tests/i18n/patterns/tests.py. - CVE-2022-41323 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 08:08:25 -0400
Available diffs
Superseded in lunar-proposed |
python-django (3:3.2.16-1) unstable; urgency=high * New upstream security release. <https://www.djangoproject.com/weblog/2022/oct/04/security-releases/> - CVE-2022-41323: Prevent a potential denial-of-service vulnerability in internationalized URLs. Internationalised URLs were subject to potential denial of service attack via the locale parameter. This is now escaped to avoid this possibility. -- Chris Lamb <email address hidden> Tue, 04 Oct 2022 07:51:21 -0700
python-django (2:2.2.12-1ubuntu0.14) focal-security; urgency=medium * SECURITY UPDATE: Potential DoS vulnerability in internationalized URLs - debian/patches/CVE-2022-41323.patch: Prevented locales being interpreted as regular expressions in django/urls/resolvers.py, tests/i18n/patterns/tests.py. - CVE-2022-41323 -- Marc Deslauriers <email address hidden> Tue, 27 Sep 2022 09:37:54 -0400
Available diffs
python-django (2:3.2.12-2ubuntu1.3) jammy-security; urgency=medium * SECURITY UPDATE: Potential DoS vulnerability in internationalized URLs - debian/patches/CVE-2022-41323.patch: Prevented locales being interpreted as regular expressions in django/urls/resolvers.py, tests/i18n/patterns/tests.py. - CVE-2022-41323 -- Marc Deslauriers <email address hidden> Tue, 27 Sep 2022 09:35:14 -0400
Available diffs
python-django (3:3.2.15-1) unstable; urgency=high * New upstream security release. - CVE-2022-36359: Potential reflected file download vulnerability in FileResponse. An application may have been vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename was derived from user-supplied input. The filename is now escaped to avoid this possibility. <https://www.djangoproject.com/weblog/2022/aug/03/security-releases/> -- Chris Lamb <email address hidden> Wed, 03 Aug 2022 07:11:45 -0700
Available diffs
- diff from 2:3.2.13-1 to 3:3.2.15-1 (16.5 KiB)
- diff from 3:3.2.14-1 to 3:3.2.15-1 (4.1 KiB)
Superseded in kinetic-proposed |
python-django (3:3.2.14-1) unstable; urgency=medium * Revert Debian unstable to 3.2.x LTS release stream, bumping epoch. (Closes: #1016090) * Refresh patches. * Bump Standards-Version to 4.6.1. -- Chris Lamb <email address hidden> Tue, 02 Aug 2022 09:02:41 -0700
Available diffs
- diff from 2:4.0.6-1 to 3:3.2.14-1 (3.3 MiB)
python-django (2:3.2.12-2ubuntu1.2) jammy-security; urgency=medium * SECURITY UPDATE: Potential reflected file download - debian/patches/CVE-2022-36359.patch: escaped filename in Content-Disposition header in django/http/response.py, tests/responses/test_fileresponse.py. - CVE-2022-36359 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jul 2022 11:12:17 -0300
Available diffs
python-django (2:2.2.12-1ubuntu0.13) focal-security; urgency=medium * SECURITY UPDATE: Potential reflected file download - debian/patches/CVE-2022-36359.patch: escaped filename in Content-Disposition header in django/http/response.py, tests/responses/test_fileresponse.py. - CVE-2022-36359 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jul 2022 11:31:16 -0300
Available diffs
python-django (2:4.0.6-1) unstable; urgency=high * New upstream security release: - CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments. "Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected." "This security release mitigates the issue, but we have identified improvements to the Database API methods related to date extract and truncate that would be beneficial to add to Django 4.1 before it's final release. This will impact 3rd party database backends using Django 4.1 release candidate 1 or newer, until they are able to update to the API changes. We apologize for the inconvenience." <https://www.djangoproject.com/weblog/2022/jul/04/security-releases/> * Refresh patches. -- Chris Lamb <email address hidden> Tue, 05 Jul 2022 12:38:15 +0100
Available diffs
- diff from 2:4.0.5-2 to 2:4.0.6-1 (21.6 KiB)
python-django (1:1.11.11-1ubuntu1.18) bionic-security; urgency=medium * SECURITY UPDATE: Potential SQL invjection - debian/patches/CVE-2022-34265.patch: protected trunc/extract against SQL injection in django/db/backends/base/operations.py, django/db/models/functions/datetime.py. - CVE-2022-34265 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 29 Jun 2022 15:19:32 -0300
Available diffs
python-django (2:2.2.12-1ubuntu0.12) focal-security; urgency=medium * SECURITY UPDATE: Potential SQL invjection - debian/patches/CVE-2022-34265.patch: protected trunc/extract against SQL injection in django/db/backends/base/operations.py, django/db/models/functions/datetime.py. - CVE-2022-34265 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 29 Jun 2022 13:44:58 -0300
Available diffs
python-django (2:3.2.12-2ubuntu1.1) jammy-security; urgency=medium * SECURITY UPDATE: Potential SQL invjection - debian/patches/CVE-2022-34265.patch: protected trunc/extract against SQL injection in django/db/backends/base/operations.py, django/db/models/functions/datetime.py. - CVE-2022-34265 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 29 Jun 2022 09:29:53 -0300
Available diffs
1 → 50 of 365 results | First • Previous • Next • Last |