python-django 2:2.2.20-1ubuntu0.4 source package in Ubuntu

Changelog

python-django (2:2.2.20-1ubuntu0.4) hirsute-security; urgency=medium

  * SECURITY UPDATE: Denial-of-service possibility in
    UserAttributeSimilarityValidator
    - debian/patches/CVE-2021-45115.patch: prevent DoS in
      django/contrib/auth/password_validation.py,
      docs/topics/auth/passwords.txt, tests/auth_tests/test_validators.py.
    - CVE-2021-45115
  * SECURITY UPDATE: Potential information disclosure in dictsort template
    filter
    - debian/patches/CVE-2021-45116.patch: properly handle private
      variables in django/template/defaultfilters.py,
      docs/ref/templates/builtins.txt,
      tests/template_tests/filter_tests/test_dictsort.py,
      tests/template_tests/filter_tests/test_dictsortreversed.py.
    - CVE-2021-45116
  * SECURITY UPDATE: Potential directory-traversal via Storage.save()
    - debian/patches/CVE-2021-31542-2.patch: fix regression caused by fix
      for CVE-2021-31542, and add allow_relative_path parameter to
      validate_file_name(), required by the following patch.
    - debian/patches/CVE-2021-45452.patch: fix path traversal in
      django/core/files/storage.py,
      tests/file_storage/test_generate_filename.py,
      tests/file_storage/tests.py.
    - CVE-2021-45452

 -- Marc Deslauriers <email address hidden>  Tue, 04 Jan 2022 07:29:07 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Hirsute
Original maintainer: Ubuntu Developers
Architectures: all
Section: python
Urgency: Medium Urgency

Builds

Hirsute: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
python-django_2.2.20.orig.tar.gz 8.8 MiB 2569f9dc5f8e458a5e988b03d6b7a02bda59b006d6782f4ea0fd590ed7336a64
python-django_2.2.20-1ubuntu0.4.debian.tar.xz 39.1 KiB 581fac9a17fe62990926704e35a0d09dc2056e0e021ed85b8f8a7e745ccd4e32
python-django_2.2.20-1ubuntu0.4.dsc 2.8 KiB 66304b33ba2e82ec991ab4f8a04c2fdf50eebafb26a4fb620bb4147208894080

Binary packages built by this source

python-django-doc: No summary available for python-django-doc in ubuntu hirsute.

python3-django: No summary available for python3-django in ubuntu hirsute.