SUSE Package Hub - openSUSE-2023-178

Update Info

openSUSE-2023-178

Security update for python-Django

Type: security

Severity: moderate

Issued: 2023-07-13

Description:

This update for python-Django fixes the following issues:

- CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (boo#1212742)
- CVE-2023-24580: Fixed potential denial-of-service vulnerability in file uploads (boo#1208082)
- CVE-2023-23969: Fixed potential denial-of-service via Accept-Language headers (boo#1207565)
- CVE-2022-41323: Fixed potential denial-of-service vulnerability in internationalized URLs (boo#1203793)

References

CVE: CVE-2023-36053
CVE: CVE-2023-24580
CVE: CVE-2023-23969
CVE: CVE-2022-41323
Bugzilla: 1212742 VUL-0: CVE-2023-36053: python-Django Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
Bugzilla: 1208082 VUL-0: CVE-2023-24580: python-Django,python-Django1: Potential denial-of-service vulnerability in file uploads
Bugzilla: 1207565 VUL-0: CVE-2023-23969: python-Django: potential denial-of-service via Accept-Language headers
Bugzilla: 1203793 VUL-0: CVE-2022-41323: python-Django: potential denial-of-service vulnerability in internationalized URLs

Packages

python-Django-2.2.28-bp155.7.3.1