SUSE Package Hub - openSUSE-2024-272

Update Info

openSUSE-2024-272

Security update for python-Django

Type: security

Severity: important

Issued: 2024-08-30

Description:

This update for python-Django fixes the following issues:

* CVE-2024-42005: Fixed potential SQL injection in QuerySet.values() and values_list() (boo#1228629)
* CVE-2024-41989: Fixed memory exhaustion in django.utils.numberformat.floatformat() (boo#1228630)
* CVE-2024-41990: Fixed potential denial-of-service vulnerability in django.utils.html.urlize() (boo#1228631)
* CVE-2024-41991: Fixed potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget (boo#1228632)

References

CVE: CVE-2024-42005
CVE: CVE-2024-41991
CVE: CVE-2024-41990
CVE: CVE-2024-41989
Bugzilla: 1228632 VUL-0: CVE-2024-42005: python-Django,python-Django1,python-Django4: Potential SQL injection in QuerySet.values() and values_list()
Bugzilla: 1228631 VUL-0: CVE-2024-41991: python-Django,python-Django1,python-Django4: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
Bugzilla: 1228630 VUL-0: CVE-2024-41990: python-Django,python-Django1,python-Django4: Potential denial-of-service vulnerability in django.utils.html.urlize()
Bugzilla: 1228629 VUL-0: CVE-2024-41989: python-Django,python-Django1,python-Django4: Memory exhaustion in django.utils.numberformat.floatformat()

Packages

python-Django-2.2.28-bp155.7.15.1