[ubuntu/plucky-proposed] python-django 3:4.2.18-1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Fri Jan 17 12:29:59 UTC 2025
python-django (3:4.2.18-1) unstable; urgency=high

  * New upstream security release. (Closes: #1093049)
    - CVE-2024-56374: Potential denial-of-service vulnerability in IPv6
      validation.

      A lack of upper bound limit enforcement in strings passed when performing
      IPv6 validation could have led to a potential denial-of-service (DoS)
      attack. The undocumented and private functions clean_ipv6_address and
      is_valid_ipv6_address were vulnerable, as was the GenericIPAddressField
      form field, which has now been updated to define a max_length of 39
      characters. The GenericIPAddressField model field was not affected.

      <https://www.djangoproject.com/weblog/2025/jan/14/security-releases/>

Date: 2025-01-15 22:43:08.719751+00:00
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1
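
The mitigation described in the changelog, bounding the input length before any IPv6 parsing happens, shown as an added example that is not part of the original message and is not Django's code. It uses only the standard-library ipaddress module; the names bounded_ipv6, triage and SAMPLES are hypothetical, and the sample inputs are constructed.

```python
import ipaddress

# Full-form IPv6 text is 8 groups of 4 hex digits plus 7 colons = 39 chars,
# the same bound the changelog says the form field now defines as max_length.
MAX_IPV6_LENGTH = 39


def bounded_ipv6(value, max_length=MAX_IPV6_LENGTH):
    """Return the compressed form of a valid IPv6 address, or None.

    The length check runs first, so oversized input is rejected in constant
    time and never reaches the parser.
    """
    if not isinstance(value, str) or len(value) > max_length:
        return None
    try:
        return ipaddress.IPv6Address(value).compressed
    except ValueError:  # AddressValueError is a subclass of ValueError
        return None


def triage(values):
    """Classify untrusted inputs as 'ok', 'invalid' or 'too_long'."""
    results = []
    for v in values:
        if isinstance(v, str) and len(v) > MAX_IPV6_LENGTH:
            results.append("too_long")
        elif bounded_ipv6(v) is None:
            results.append("invalid")
        else:
            results.append("ok")
    return results


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "2001:0db8:0000:0000:0000:0000:0000:0001",        # exactly 39 chars
    "::ffff:192.0.2.1",                               # short IPv4-mapped form
    "not-an-address",
    "1:" * 100000,                                    # oversized input
    # Caveat: fully expanded IPv4-mapped text is 45 chars, so a 39-char
    # bound rejects it even though the parser alone would accept it.
    "0000:0000:0000:0000:0000:ffff:255.255.255.255",
]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, triage(SAMPLES)):
        print(f"{verdict:8} len={len(sample):6} {sample[:45]}")
```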