[SECURITY] [DLA 3558-1] python-django security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3558-1] python-django security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 07 Sep 2023 18:00:21 -0700
Message-id: <[🔎] 169411766951.1181697.6615687782364129006@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3558-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
September 07, 2023                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : python-django
Version        : 1:1.11.29-1+deb10u10
CVE ID         : CVE-2023-41164
Debian Bug     : 1051226

It was discovered that there was a potential denial of service
vulnerability in Django, a popular Python-based web development
framework.

Upstream reported that there was a potential vulnerability in
django.utils.encoding.uri_to_iri(). This method was subject to
potential DoS attack via certain inputs with a very large number of
Unicode characters. 

For Debian 10 buster, this problem has been fixed in version
1:1.11.29-1+deb10u10.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmT6LyMACgkQHpU+J9Qx
Hlj6HRAAo5GhR58j5PCnWjVVuyeKGJeowHHjLLF3PRmTzrS4mRaJyAgXYj3PAVh/
Ly9BJ6Xio1PWN2ECWQhParMAklELRxAJBYYmg07NnFUjhvg6Xl/ZgK9w30KU8Duv
6T/mkw1XaL2IFDKGhi8ygP9yGqeFD3CmNpmeMEluRuW3BnSvosiRLtcT4R3j6vCm
1E5oX+P24wcqEJlw5Qyq4piVTuI2Y6B+CaZIsjGFvrgaG5bXCULXJh7hpWOlWgiO
6yXckY1uIYj65C0LnVaFSLpVTb3JXTFZ1RFWHwbGgWkaQb9eEhsZu+ZoTy4JzlNK
ZQsQ/hbvBoeXw863MrcunV18UY8JhWSTw0VFaCji79Nz8H7uUKe99mkEdOg9/TIf
LQsA4hQmy3F3pTFIsEVFShiceD7uOWap9kvOprSj5g/zhu98UCI8/T/E+PnkQCeK
/YQfEbbe4GgR0NsU9hIAMGt4FOj7q4rIgtI/U8AUxZy4orizshTxea88kMD1+xiH
WkJLjbkv7pFrEwSygka5lUMMwljSz0XKeJQ6Jl6jpvITBsCp8p0NwvvmUzHJVVhD
m2egPSF3z5AzCCStfrX0xRJCbJWetsYmUGprdZFR1FppaKBnjRaRoPOq5Oubh2aj
OPA7a19I5O+kMbSqr/2EpcDik0YTba3QhQXF9ts+0UKmqAxwFqk=
=q5GH
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3557-1] memcached security update
Next by Date: [SECURITY] [DLA 3559-1] libssh2 security update
Previous by thread: [SECURITY] [DLA 3557-1] memcached security update
Next by thread: [SECURITY] [DLA 3559-1] libssh2 security update
Index(es):
- Date
- Thread