-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 06 Aug 2024 16:59:24 +0100
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.15-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1078074
Changes:
 python-django (3:4.2.15-1) unstable; urgency=high
 .
   * New upstream security release. (Closes: #1078074)
 .
     - CVE-2024-41989: Memory exhaustion in django.utils.numberformat.
 .
       The floatformat template filter is subject to significant memory
       consumption when given a string representation of a number in
       scientific notation with a large exponent.
 .
     - CVE-2024-41990: Potential denial-of-service in
       django.utils.html.urlize.
 .
       The urlize() and urlizetrunc() template filters are subject to a
       potential denial-of-service attack via very large inputs with a
       specific sequence of characters.
 .
     - CVE-2024-41991: Potential denial-of-service vulnerability in
       django.utils.html.urlize() and AdminURLFieldWidget
 .
       The urlize and urlizetrunc template filters, and the
       AdminURLFieldWidget widget, are subject to a potential
       denial-of-service attack via certain inputs with a very large
       number of Unicode characters.
 .
     - CVE-2024-42005: Potential SQL injection in QuerySet.values() and
       values_list()
 .
       QuerySet.values() and values_list() methods on models with a
       JSONField are subject to SQL injection in column aliases via a
       crafted JSON object key as a passed *arg.
 .
 <https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>