[ubuntu/lunar-proposed] python-django 3:3.2.17-1 (Accepted)
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Fri Feb 3 22:52:36 UTC 2023
python-django (3:3.2.17-1) unstable; urgency=medium

  * New security upstream release.
    <https://www.djangoproject.com/weblog/2023/feb/01/security-releases/>

    - CVE-2023-23969: Potential denial-of-service via Accept-Language headers

      The parsed values of Accept-Language headers are cached in order to avoid
      repetitive parsing. This leads to a potential denial-of-service vector
      via excessive memory usage if large header values are sent.

      In order to avoid this vulnerability, the Accept-Language header is now
      parsed up to a maximum length. (Closes: #1030251)

  * Drop 0010-Fixed-inspectdb.tests.InspectDBTestCase.test_custom_.patch;
    applied upstream.
  * Refresh all patches.

Date: 2023-02-01 22:37:38.547530+00:00
Signed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/python-django/3:3.2.17-1
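
The caching problem the changelog describes, as an added example that is not Django's or the package's code: a cache capped by entry count still retains every oversized header as a key plus its parsed result, while truncating before the lookup bounds both. The names CachedParser, MAX_HEADER_LENGTH and MAX_ENTRIES and their values are assumptions made for this sketch.

```python
from collections import OrderedDict

MAX_HEADER_LENGTH = 500  # assumed limit on parsed header text (example value)
MAX_ENTRIES = 1000       # assumed cache capacity, in entries rather than bytes

def parse_accept_language(header):
    """Return ((lang, q), ...) ordered by descending q, or () if malformed."""
    parsed = []
    for piece in header.split(","):
        lang, _, param = piece.strip().partition(";")
        name, _, value = param.partition("=")
        try:
            q = float(value) if param else 1.0
        except ValueError:
            return ()
        if not lang.strip() or (param and name.strip().lower() != "q") or not 0 <= q <= 1:
            return ()
        parsed.append((lang.strip().lower(), q))
    return tuple(sorted(parsed, key=lambda item: item[1], reverse=True))

class CachedParser:
    """LRU cache keyed by header text; max_length=None is the unbounded 'before'."""
    def __init__(self, max_length=None):
        self.max_length = max_length
        self.cache = OrderedDict()

    def parse(self, header):
        if self.max_length is not None and len(header) > self.max_length:
            # Keep only the complete entries that fit inside the limit.
            cut = header.rfind(",", 0, self.max_length)
            header = header[:cut] if cut > 0 else ""
        if header in self.cache:
            self.cache.move_to_end(header)
            return self.cache[header]
        result = self.cache[header] = parse_accept_language(header)
        if len(self.cache) > MAX_ENTRIES:
            self.cache.popitem(last=False)  # evict the least recently used entry
        return result

    def retained(self):
        """(characters held as cache keys, parsed entries held as values)."""
        return sum(map(len, self.cache)), sum(map(len, self.cache.values()))

def compare(headers):
    """Feed the same headers to both parsers and report what each retains."""
    before, after = CachedParser(), CachedParser(MAX_HEADER_LENGTH)
    for header in headers:
        before.parse(header)
        after.parse(header)
    return before.retained(), after.retained()
```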