[ubuntu/plucky-proposed] python-django 3:4.2.17-1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Dec 5 14:19:55 UTC 2024
python-django (3:4.2.17-1) unstable; urgency=medium

  * New upstream security release:
    - CVE-2024-53907: Potential DoS in django.utils.html.strip_tags.
      The strip_tags() method and striptags template filter were subject to a
      potential denial-of-service attack via certain inputs containing large
      sequences of nested incomplete HTML entities.
    - CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle.
      Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle
      was subject to SQL injection if untrusted data is used as an lhs value.
      Applications that use the jsonfield.has_key lookup through the __ syntax
      are unaffected.
      <https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>
  * Refresh patches.
Date: 2024-12-04 22:41:13.763470+00:00
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/3:4.2.17-1
Sorry, changesfile not available.