python-django 2:2.2.12-1ubuntu0.7 source package in Ubuntu

Changelog

python-django (2:2.2.12-1ubuntu0.7) focal-security; urgency=medium

  * SECURITY UPDATE: header injection in URLValidator with Python 3.9.5+
    - debian/patches/CVE-2021-32052.patch: prevent newlines and tabs from
      being accepted in URLValidator in django/core/validators.py,
      tests/validators/tests.py.
    - CVE-2021-32052
  * SECURITY UPDATE: potential directory traversal via admindocs
    - debian/patches/CVE-2021-33203.patch: use safe_join in
      django/contrib/admindocs/views.py, tests/admin_docs/test_views.py.
    - CVE-2021-33203
  * SECURITY UPDATE: possible indeterminate SSRF, RFI, and LFI attacks
    since validators accepted leading zeros in IPv4 addresses
    - debian/patches/CVE-2021-33571.patch: prevent leading zeros in IPv4
      addresses in django/core/validators.py,
      tests/validators/invalid_urls.txt, tests/validators/tests.py,
      tests/validators/valid_urls.txt.
    - CVE-2021-33571

 -- Marc Deslauriers <email address hidden>  Wed, 26 May 2021 08:58:41 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal updates main python
Focal security main python

Builds

Focal: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
python-django_2.2.12.orig.tar.gz 8.5 MiB 69897097095f336d5aeef45b4103dceae51c00afa6d3ae198a2a18e519791b7a
python-django_2.2.12-1ubuntu0.7.debian.tar.xz 42.7 KiB fa58eaa01fcaba9f4e23d89c236e9bad28edac7077cd3e636256c3e07b9bbf60
python-django_2.2.12-1ubuntu0.7.dsc 2.8 KiB a7ac77d4474d22fbdb166ac558150d6e150496095a644fd485fc8bfc7d8e77b8

View changes file

Binary packages built by this source

python-django-doc: High-level Python web development framework (documentation)

 Django is a high-level web application framework that loosely follows the
 model-view-controller design pattern.
 .
 Python's equivalent to Ruby on Rails, Django lets you build complex
 data-driven websites quickly and easily - Django focuses on automating as much
 as possible and adhering to the "Don't Repeat Yourself" (DRY) principle.
 .
 Django additionally emphasizes reusability and "pluggability" of components;
 many generic third-party "applications" are available to enhance projects or
 to simply to reduce development time even further.
 .
 This package contains the HTML documentation and example projects.

python3-django: High-level Python web development framework

 Django is a high-level web application framework that loosely follows the
 model-view-controller design pattern.
 .
 Python's equivalent to Ruby on Rails, Django lets you build complex
 data-driven websites quickly and easily - Django focuses on automating as much
 as possible and adhering to the "Don't Repeat Yourself" (DRY) principle.
 .
 Django additionally emphasizes reusability and "pluggability" of components;
 many generic third-party "applications" are available to enhance projects or
 to simply to reduce development time even further.
 .
 Notable features include:
  * An object-relational mapper (ORM)
  * Automatic admin interface
  * Elegant URL dispatcher
  * Form serialization and validation system
  * Templating system
  * Lightweight, standalone web server for development and testing
  * Internationalization support
  * Testing framework and client