python-django (3:4.2~beta1-1)
[PTS] [DDPO]
OLD: VCS is behind the version in the archive: 3:3.2.18-1 < 3:4.2~beta1-1.
- Git: https://salsa.debian.org/python-team/packages/python-django.git
-
- Branch: debian/sid
- Path: debian/changelog
- Repo size: 143257600
- Browser: https://salsa.debian.org/python-team/packages/python-django
- Last scan: 2023-03-20 09:15:27+00
- Next scan: 2023-03-25 12:39:00+00
- CI pipeline status: success
- Debian changelog in Git:
python-django (3:3.2.18-1) unstable; urgency=high
* New upstream security release:
- CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
Passing certain inputs to multipart forms could result in too many open
files or memory exhaustion, and provided a potential vector for a
denial-of-service attack.
The number of files parts parsed is now limited via the new
DATA_UPLOAD_MAX_NUMBER_FILES setting.
Thanks to Jakob Ackermann for the report. (Closes: #1031290)
-- Chris Lamb <lamby@debian.org> Tue, 14 Feb 2023 09:12:57 -0800
- This branch is even with tag debian/3%3.2.18-1