python-django 2:2.2.20-1ubuntu0.2 source package in Ubuntu
Changelog
python-django (2:2.2.20-1ubuntu0.2) hirsute-security; urgency=medium * SECURITY UPDATE: header injection in URLValidator with Python 3.9.5+ - debian/patches/CVE-2021-32052.patch: prevent newlines and tabs from being accepted in URLValidator in django/core/validators.py, tests/validators/tests.py. - CVE-2021-32052 * SECURITY UPDATE: potential directory traversal via admindocs - debian/patches/CVE-2021-33203.patch: use safe_join in django/contrib/admindocs/views.py, tests/admin_docs/test_views.py. - CVE-2021-33203 * SECURITY UPDATE: possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses - debian/patches/CVE-2021-33571.patch: prevent leading zeros in IPv4 addresses in django/core/validators.py, tests/validators/invalid_urls.txt, tests/validators/tests.py, tests/validators/valid_urls.txt. - CVE-2021-33571 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 08:52:14 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Hirsute
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- python
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
python-django_2.2.20.orig.tar.gz | 8.8 MiB | 2569f9dc5f8e458a5e988b03d6b7a02bda59b006d6782f4ea0fd590ed7336a64 |
python-django_2.2.20-1ubuntu0.2.debian.tar.xz | 33.1 KiB | 72dfa1b4e88fac43a1540c3055cb2ebac58154df1f027f76ee99d8c39efb90a8 |
python-django_2.2.20-1ubuntu0.2.dsc | 2.8 KiB | 3b46d6ca7c97ac084967bf43b3b4f2f235e114ed75e46759c20690b108930003 |
Available diffs
Binary packages built by this source
- python-django-doc: No summary available for python-django-doc in ubuntu hirsute.
No description available for python-django-doc in ubuntu hirsute.
- python3-django: No summary available for python3-django in ubuntu hirsute.
No description available for python3-django in ubuntu hirsute.