Change logs for python-django source package in Noble

  • python-django (3:4.2.11-1ubuntu1) noble; urgency=medium
    
      * d/p/fix-mail-using-utf-8-surrogateescape.patch: Fix
        SafeMIMEText.set_payload() crash using python 3.12.3
    
     -- Lena Voytek <email address hidden>  Tue, 16 Apr 2024 12:25:28 -0700
  • python-django (3:4.2.11-1) unstable; urgency=high
    
      * New upstream security release:
    
        - CVE-2024-27351: Fix a potential regular expression denial-of-service
          (ReDoS) attack in django.utils.text.Truncator.words. This method
          (with html=True) and the truncatewords_html template filter were subject
          to a potential regular expression denial-of-service attack via a suitably
          crafted string. This is, in part, a follow-up to CVE-2019-14232 and
          CVE-2023-43665.
    
        <https://docs.djangoproject.com/en/dev/releases/4.2.11/>
    
     -- Chris Lamb <email address hidden>  Tue, 05 Mar 2024 13:03:35 +0000
  • python-django (3:4.2.10-1) unstable; urgency=high
    
      * New upstream security release:
    
        - CVE-2024-24680: Potential denial-of-service in intcomma template filter.
          The intcomma template filter was subject to a potential denial-of-service
          attack when used with very long strings.
    
        <https://docs.djangoproject.com/en/dev/releases/4.2.10/>
    
     -- Chris Lamb <email address hidden>  Tue, 06 Feb 2024 08:15:25 -0800
  • python-django (3:4.2.9-1) unstable; urgency=medium
    
      * New upstream bugfix release.
        <https://docs.djangoproject.com/en/dev/releases/4.2.9/>
    
     -- Chris Lamb <email address hidden>  Wed, 03 Jan 2024 11:15:04 +0000
  • python-django (3:4.2.8-1) unstable; urgency=medium
    
      * New upstream bugfix release.
        <https://docs.djangoproject.com/en/5.0/releases/4.2.8/>
    
     -- Chris Lamb <email address hidden>  Thu, 07 Dec 2023 13:05:03 +0000
  • python-django (3:4.2.4-1ubuntu2) mantic; urgency=medium
    
      * SECURITY UPDATE: DoS possibility in django.utils.text.Truncator
        - debian/patches/CVE-2023-43665.patch: limit size of input strings in
          django/utils/text.py, tests/utils_tests/test_text.py,
          docs/ref/templates/builtins.txt.
        - CVE-2023-43665
    
     -- Marc Deslauriers <email address hidden>  Wed, 04 Oct 2023 13:53:21 -0400