
[SECURITY] [DLA 3329-1] python-django security update




-------------------------------------------------------------------------
Debian LTS Advisory DLA-3329-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
February 20, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : python-django
Version        : 1:1.11.29-1+deb10u7
CVE ID         : CVE-2023-24580
Debian Bug     : 1031290

It was discovered that there was a denial-of-service vulnerability in
Django, a Python-based web development framework.

Passing certain inputs to multipart forms could have resulted in too
many open files or memory exhaustion, and provided a potential vector
for a denial-of-service attack.

The number of file parts parsed is now limited via a new
DATA_UPLOAD_MAX_NUMBER_FILES setting.
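
The kind of check such a limit implies, as an added sketch that is not
part of the advisory and not Django's own code: file parts are counted
while the multipart body is walked, and the request is rejected at the
first part over the cap. The names MAX_FILE_PARTS, TooManyFileParts,
count_file_parts and build_sample, the cap of 3 and the sample body are
all assumptions made for this example.

```python
import re

# Cap used in this sketch only; in Django the limit comes from the
# DATA_UPLOAD_MAX_NUMBER_FILES setting named in the advisory.
MAX_FILE_PARTS = 3
BOUNDARY = b"sketchboundary"  # constructed sample boundary

# A part is a file part when its Content-Disposition carries a filename.
FILENAME_RE = re.compile(r"^content-disposition:[^\r\n]*;\s*filename\*?=", re.I | re.M)


class TooManyFileParts(Exception):
    """Hypothetical error: the request carries more file parts than allowed."""


def count_file_parts(body: bytes, boundary: bytes, limit: int) -> int:
    """Count file parts in a multipart/form-data body, rejecting past `limit`.

    The check runs while walking the parts, so parsing stops at the first
    part over the cap instead of after every part has been handled.
    """
    delimiter = b"\r\n--" + boundary
    body = b"\r\n" + body  # lets the first delimiter match like the others
    files = 0
    pos = body.find(delimiter)
    while pos != -1:
        start = pos + len(delimiter)
        if body[start:start + 2] == b"--":  # closing delimiter
            break
        header_end = body.find(b"\r\n\r\n", start)
        if header_end == -1:
            raise ValueError("malformed part: headers not terminated")
        if FILENAME_RE.search(body[start:header_end].decode("latin-1")):
            files += 1
            if files > limit:
                raise TooManyFileParts(f"more than {limit} file parts")
        pos = body.find(delimiter, header_end)
    return files


def build_sample(n_files: int) -> bytes:
    """Constructed sample body: one text field plus n_files one-byte files."""
    parts = [b'Content-Disposition: form-data; name="title"\r\n\r\nhello']
    for i in range(n_files):
        parts.append(b'Content-Disposition: form-data; name="f%d"; filename="f%d.txt"\r\n'
                     b"Content-Type: text/plain\r\n\r\nx" % (i, i))
    framed = b"".join(b"--" + BOUNDARY + b"\r\n" + p + b"\r\n" for p in parts)
    return framed + b"--" + BOUNDARY + b"--\r\n"
```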

For Debian 10 buster, this problem has been fixed in version
1:1.11.29-1+deb10u7.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
