3 Commits

Author	SHA1	Message	Date
Narpat Mali	ab9a31fabc	python3-django: fix CVE-2023-41164 ... In Django 3.2 before 3.2.21, 4 before 4.1.11, and 4.2 before 4.2.5, ``django.utils.encoding.uri_to_iri()`` was subject to potential denial of service attack via certain inputs with a very large number of Unicode characters. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://security-tracker.debian.org/tracker/CVE-2023-41164 https://www.djangoproject.com/weblog/2023/sep/04/security-releases/ Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2023-09-27 10:23:14 -04:00
Narpat Mali	ac60beb44f	python3-django: fix CVE-2023-36053 ... In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://github.com/advisories/GHSA-jh3w-4vvf-mjgr 454f2fb934 Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2023-08-25 10:45:34 -04:00
Narpat Mali	e43d068788	python3-django: fix for CVE-2023-31047 ... In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2023-06-17 13:49:44 -04:00