python-django 2:4.0.2-1 source package in Debian

Changelog

python-django (2:4.0.2-1) experimental; urgency=medium

  * New upstream security release:

    - CVE-2022-22818: Possible XSS via {% debug %} template tag.
      The {% debug %} template tag didn't properly encode the current context,
      posing an XSS attack vector.

      In order to avoid this vulnerability, {% debug %} no longer outputs
      information when the DEBUG setting is False, and it ensures all context
      variables are correctly escaped when the DEBUG setting is True.

    - CVE-2022-23833: Denial-of-service possibility in file uploads

      Passing certain inputs to multipart forms could result in an
      infinite loop when parsing files.

    See <https://www.djangoproject.com/weblog/2022/feb/01/security-releases/>
    for more information. (Closes: #1004752)

 -- Chris Lamb <email address hidden>  Tue, 01 Feb 2022 09:02:51 -0800

Upload details

Uploaded by: Debian Python Team
Uploaded to: Experimental
Original maintainer: Debian Python Team
Architectures: all
Section: python
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
python-django_4.0.2-1.dsc 2.7 KiB 2cb44bdc787fa5e1f62d083e1a113766162776e347e383fbe3e68807a23c2466
python-django_4.0.2.orig.tar.gz 9.5 MiB 110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a
python-django_4.0.2-1.debian.tar.xz 27.7 KiB 66f94f095098474d44f0c1dd6b9afd56b0bbfd91921a89013991dc7e21a154b9

No changes file available.

Binary packages built by this source