python-django (3:5.1.4-1)
[PTS] [DDPO]
OLD: VCS is behind the version in the archive: 3:4.2.17-1 < 3:5.1.4-1.
- Git: https://salsa.debian.org/python-team/packages/python-django.git
- Branch: debian/sid
- Path: debian/changelog
- Repo size: 12161024
- Browser: https://salsa.debian.org/python-team/packages/python-django
- Last scan: 2024-12-04 21:01:11+00
- Next scan: 2024-12-13 09:20:00+00
- CI pipeline status: failed
- Debian changelog in Git:
python-django (3:4.2.17-1) unstable; urgency=medium

  * New upstream security release:
    - CVE-2024-53907: Potential DoS in django.utils.html.strip_tags.
      The strip_tags() method and striptags template filter were subject to a
      potential denial-of-service attack via certain inputs containing large
      sequences of nested incomplete HTML entities.
    - CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle.
      Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle
      was subject to SQL injection if untrusted data is used as a lhs value.
      Applications that use the jsonfield.has_key lookup through the __ syntax
      are unaffected.
    <https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>
  * Refresh patches.

 -- Chris Lamb <lamby@debian.org>  Wed, 04 Dec 2024 17:33:13 +0000
- This branch is even with tag debian/3%4.2.17-1