python-django (3:5.1~rc1-1)
[PTS] [DDPO]
OLD: VCS is behind the version in the archive: 3:4.2.14-1 < 3:5.1~rc1-1.
- Git: https://salsa.debian.org/python-team/packages/python-django.git
- Branch: debian/sid
- Path: debian/changelog
- Repo size: 11567104
- Browser: https://salsa.debian.org/python-team/packages/python-django
- Last scan: 2024-07-25 15:52:19+00
- Next scan: 2024-08-01 22:32:00+00
- CI pipeline status: failed
- Debian changelog in Git:
python-django (3:4.2.14-1) unstable; urgency=medium

  * New upstream security release. (Closes: #1076069)

    - CVE-2024-38875: Prevent a potential denial-of-service in
      django.utils.html.urlize. This method (and urlizetrunc) was subject to a
      potential DoS attack via specially-crafted inputs with a very large
      number of brackets.

    - CVE-2024-39329: Avoid a username enumeration vulnerability through timing
      difference for users with unusable password. The authenticate method of
      django.contrib.auth.backends.ModelBackend allowed remote attackers to
      enumerate users via a timing attack involving login requests for users
      with unusable passwords.

    - CVE-2024-39330: Address a potential directory-traversal in
      django.core.files.storage.Storage.save. Derived classes of this method's
      base class that override generate_filename without replicating the file
      path validations existing in the parent class allowed for potential
      directory-traversal via certain inputs when calling save(). Built-in
      Storage sub-classes were not affected by this vulnerability.

    - CVE-2024-39614: Fix a potential denial-of-service in
      django.utils.translation.get_supported_language_variant. This method
      was subject to a potential DoS attack when used with very long strings
      containing specific characters. To mitigate this vulnerability, the
      language code provided to get_supported_language_variant is now parsed up
      to a maximum length of 500 characters.

    <https://www.djangoproject.com/weblog/2024/jul/09/security-releases/>

 -- Chris Lamb <lamby@debian.org>  Wed, 10 Jul 2024 09:50:49 +0100
- This branch is even with tag debian/3%4.2.14-1
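The changelog above describes two of the fixes by their mechanism: for CVE-2024-39330, save() must validate the name that a (possibly overridden) generate_filename() returns, and for CVE-2024-39329, the password hasher must run even when the stored password is unusable so a login against such an account costs the same as any other failed login. The following is an added, standalone Python illustration of both patterns; it is not Django's code and does not import Django. The classes Storage and UploadStorage, the helper safe_join, the sample accounts and the call counter are all constructed for this example, and the PBKDF2 iteration count is deliberately tiny.

```python
"""Constructed example (not Django's code): the two hardening patterns behind
CVE-2024-39330 and CVE-2024-39329, reduced to dependency-free Python."""
import hashlib
import hmac
import os
import pathlib
import posixpath
import re

# ---- CVE-2024-39330: validate the name generate_filename() returns -------------


class SuspiciousFileOperation(Exception):
    """Raised when a generated file name would land outside the storage root."""


def safe_join(base, *paths):
    """Join paths under base and refuse any result that escapes it.
    Assumption: a simplified POSIX-style check, not django.utils._os.safe_join."""
    base = os.path.abspath(base)
    final = os.path.abspath(os.path.join(base, *paths))
    if final != base and not final.startswith(base.rstrip(os.sep) + os.sep):
        raise SuspiciousFileOperation(f"{final!r} is outside {base!r}")
    return final


def get_valid_filename(name):
    """Keep only word characters, '-' and '.' in a base name; reject empty/dot names."""
    cleaned = re.sub(r"[^-\w.]", "", str(name).strip().replace(" ", "_"))
    if cleaned in {"", ".", ".."}:
        raise SuspiciousFileOperation(f"could not derive a file name from {name!r}")
    return cleaned


class Storage:
    """Minimal stand-in for a storage backend (hypothetical, not Django's class)."""

    def __init__(self, location):
        self.location = os.path.abspath(location)

    def generate_filename(self, filename):
        # Base-class behaviour: reject '..' in the directory part, sanitise the base name.
        dirname, basename = os.path.split(str(filename).replace("\\", "/"))
        if ".." in pathlib.PurePosixPath(dirname).parts:
            raise SuspiciousFileOperation(f"path traversal in {filename!r}")
        return posixpath.join(dirname, get_valid_filename(basename))

    def save_unchecked(self, name):
        """Pre-fix shape: trusts whatever generate_filename() returned."""
        return os.path.normpath(os.path.join(self.location, self.generate_filename(name)))

    def save(self, name):
        """Post-fix shape: re-validates the final name regardless of subclass overrides."""
        return safe_join(self.location, self.generate_filename(name))


class UploadStorage(Storage):
    """Subclass overriding generate_filename() without the parent's checks: the
    pattern the advisory describes as exploitable before the fix."""

    def generate_filename(self, filename):
        return filename


# ---- CVE-2024-39329: run the hasher even for unusable passwords -----------------

UNUSABLE_PREFIX = "!"        # Django marks unusable passwords with a leading "!"
ITERATIONS = 2_000           # kept tiny for the example; production uses far more
hasher_calls = {"count": 0}  # instrumentation: number of PBKDF2 runs so far


def pbkdf2(password, salt):
    hasher_calls["count"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def make_password(password, salt):
    return f"pbkdf2_sha256${salt.hex()}${pbkdf2(password, salt)}"


def check_password(password, encoded):
    _algo, salt_hex, digest = encoded.split("$")
    return hmac.compare_digest(pbkdf2(password, bytes.fromhex(salt_hex)), digest)


USERS = {  # constructed sample accounts
    "alice": make_password("correct horse", b"\x01" * 8),
    "bob": UNUSABLE_PREFIX + "social-login-only",
}
DUMMY = make_password("", b"\x02" * 8)  # throw-away hash used to equalise cost


def authenticate_vulnerable(username, password):
    encoded = USERS.get(username)
    if encoded is None:
        check_password(password, DUMMY)  # unknown user: hasher still runs
        return None
    if encoded.startswith(UNUSABLE_PREFIX):
        return None  # known user, unusable password: returns without hashing
    return username if check_password(password, encoded) else None


def authenticate_fixed(username, password):
    encoded = USERS.get(username)
    if encoded is None or encoded.startswith(UNUSABLE_PREFIX):
        check_password(password, DUMMY)  # same cost on every rejecting branch
        return None
    return username if check_password(password, encoded) else None


def hasher_calls_for(authenticate, username, password="guess"):
    """Count hasher invocations for one login attempt, a proxy for its duration."""
    before = hasher_calls["count"]
    authenticate(username, password)
    return hasher_calls["count"] - before
```

With UploadStorage, save_unchecked("../../etc/passwd") under /srv/media resolves to /etc/passwd, while save() raises SuspiciousFileOperation for the same input; the base Storage rejects it already in generate_filename(). For the login side, authenticate_vulnerable runs the hasher zero times for "bob" (unusable password) but once for an unknown user, a difference an attacker can measure; authenticate_fixed runs it once on every rejecting path.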