Publishing details

Published on 2023-02-28
Copied from Primary Archive for Ubuntu by Ubuntu Archive Auto-Sync (sponsored by Ubuntu Archive Robot)
Originally uploaded to debian sid in Primary Archive for Debian GNU/Linux

Changelog

python-django (3:3.2.18-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2023-24580: Potential denial-of-service vulnerability in file uploads

      Passing certain inputs to multipart forms could result in too many open
      files or memory exhaustion, and provided a potential vector for a
      denial-of-service attack.

      The number of files parts parsed is now limited via the new
      DATA_UPLOAD_MAX_NUMBER_FILES setting.

      Thanks to Jakob Ackermann for the report. (Closes: #1031290)

 -- Chris Lamb <email address hidden>  Tue, 14 Feb 2023 09:12:57 -0800

Available diffs

diff from 3:3.2.16-1ubuntu2 (in Ubuntu) to 3:3.2.18-1 (12.2 KiB)
diff from 3:3.2.17-1 to 3:3.2.18-1 (5.6 KiB)

Builds

amd64

Built packages

python-django-doc High-level Python web development framework (documentation)

python3-django High-level Python web development framework

Package files

python-django-doc_3.2.18-1_all.deb (3.2 MiB)
python-django_3.2.18-1.debian.tar.xz (36.9 KiB)
python-django_3.2.18-1.dsc (2.7 KiB)
python-django_3.2.18.orig.tar.gz (9.4 MiB)
python3-django_3.2.18-1_all.deb (2.9 MiB)