Publishing details
Changelog
python-django (3:3.2.18-1) unstable; urgency=high
* New upstream security release:
- CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
Passing certain inputs to multipart forms could result in too many open
files or memory exhaustion, and provided a potential vector for a
denial-of-service attack.
The number of files parts parsed is now limited via the new
DATA_UPLOAD_MAX_NUMBER_FILES setting.
Thanks to Jakob Ackermann for the report. (Closes: #1031290)
-- Chris Lamb <email address hidden> Tue, 14 Feb 2023 09:12:57 -0800
Builds
Built packages
-
python-django-doc
High-level Python web development framework (documentation)
-
python3-django
High-level Python web development framework
Package files