python-django 2:2.2.16-1ubuntu0.5 source package in Ubuntu
Changelog
python-django (2:2.2.16-1ubuntu0.5) groovy-security; urgency=medium
* SECURITY UPDATE: header injection in URLValidator with Python 3.9.5+
- debian/patches/CVE-2021-32052.patch: prevent newlines and tabs from
being accepted in URLValidator in django/core/validators.py,
tests/validators/tests.py.
- CVE-2021-32052
* SECURITY UPDATE: potential directory traversal via admindocs
- debian/patches/CVE-2021-33203.patch: use safe_join in
django/contrib/admindocs/views.py, tests/admin_docs/test_views.py.
- CVE-2021-33203
* SECURITY UPDATE: possible indeterminate SSRF, RFI, and LFI attacks
since validators accepted leading zeros in IPv4 addresses
- debian/patches/CVE-2021-33571.patch: prevent leading zeros in IPv4
addresses in django/core/validators.py,
tests/validators/invalid_urls.txt, tests/validators/tests.py,
tests/validators/valid_urls.txt.
- CVE-2021-33571
-- Marc Deslauriers <email address hidden> Wed, 26 May 2021 08:57:53 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Groovy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| python-django_2.2.16.orig.tar.gz | 8.5 MiB | 62cf45e5ee425c52e411c0742e641a6588b7e8af0d2c274a27940931b2786594 |
| python-django_2.2.16-1ubuntu0.5.debian.tar.xz | 37.1 KiB | 50073340ab3fe18f11e6f2ef3e9b5094aa282d437fffb52e326d4c83285e3178 |
| python-django_2.2.16-1ubuntu0.5.dsc | 2.8 KiB | ea0e224040257e1f88a98885efd20f68b61fdeaca19087fe4979a975ce44cd79 |
Available diffs
Binary packages built by this source
- python-django-doc: No summary available for python-django-doc in ubuntu groovy.
No description available for python-django-doc in ubuntu groovy.
- python3-django: No summary available for python3-django in ubuntu groovy.
No description available for python3-django in ubuntu groovy.
