python-django 2:2.2.16-1ubuntu0.5 source package in Ubuntu
Changelog
python-django (2:2.2.16-1ubuntu0.5) groovy-security; urgency=medium * SECURITY UPDATE: header injection in URLValidator with Python 3.9.5+ - debian/patches/CVE-2021-32052.patch: prevent newlines and tabs from being accepted in URLValidator in django/core/validators.py, tests/validators/tests.py. - CVE-2021-32052 * SECURITY UPDATE: potential directory traversal via admindocs - debian/patches/CVE-2021-33203.patch: use safe_join in django/contrib/admindocs/views.py, tests/admin_docs/test_views.py. - CVE-2021-33203 * SECURITY UPDATE: possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses - debian/patches/CVE-2021-33571.patch: prevent leading zeros in IPv4 addresses in django/core/validators.py, tests/validators/invalid_urls.txt, tests/validators/tests.py, tests/validators/valid_urls.txt. - CVE-2021-33571 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 08:57:53 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Groovy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
python-django_2.2.16.orig.tar.gz | 8.5 MiB | 62cf45e5ee425c52e411c0742e641a6588b7e8af0d2c274a27940931b2786594 |
python-django_2.2.16-1ubuntu0.5.debian.tar.xz | 37.1 KiB | 50073340ab3fe18f11e6f2ef3e9b5094aa282d437fffb52e326d4c83285e3178 |
python-django_2.2.16-1ubuntu0.5.dsc | 2.8 KiB | ea0e224040257e1f88a98885efd20f68b61fdeaca19087fe4979a975ce44cd79 |
Available diffs
Binary packages built by this source
- python-django-doc: No summary available for python-django-doc in ubuntu groovy.
No description available for python-django-doc in ubuntu groovy.
- python3-django: No summary available for python3-django in ubuntu groovy.
No description available for python3-django in ubuntu groovy.