Your message dated Mon, 03 Jul 2023 19:54:13 +0000
with message-id <[email protected]>
and subject line Bug#1040225: fixed in python-django 3:4.2.3-1
has caused the Debian Bug report #1040225,
regarding python-django: CVE-2023-36053
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1040225: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-django
Version: 1:1.10.7-2+deb9u17
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-django.

CVE-2023-36053[0]:
| In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3,
| EmailValidator and URLValidator are subject to a potential ReDoS
| (regular expression denial of service) attack via a very large
| number of domain name labels of emails and URLs.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36053
    https://www.cve.org/CVERecord?id=CVE-2023-36053


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] / chris-lamb.co.uk
       `-

--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 3:4.2.3-1
Done: Chris Lamb <[email protected]>

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 03 Jul 2023 17:28:20 +0100
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.3-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Closes: 1040225
Changes:
 python-django (3:4.2.3-1) experimental; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2023-36053: Potential regular expression denial of service
       vulnerability in EmailValidator/URLValidator.
 .
       EmailValidator and URLValidator were subject to potential regular
       expression denial of service attack via a very large number of domain
       name labels of emails and URLs. (Closes: #1040225)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
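
A guard that bounds e-mail and URL input before it reaches a regex-based validator, as a mitigation sketch for the label-count ReDoS described in the messages above. This is an added example, not code from Django or the Debian package: `precheck`, `guarded` and the 2048-character URL cap are assumptions, while 253 and 63 are the DNS name and label limits.

```python
from urllib.parse import urlsplit

# DNS limits (RFC 1035) and the usual e-mail bound of 64 + 1 + 255 characters.
MAX_HOST_LEN = 253
MAX_LABEL_LEN = 63
MAX_EMAIL_LEN = 320
MAX_URL_LEN = 2048  # assumption: pick a cap that suits the application


def precheck(value, kind):
    """Return None if value is small enough to hand to a regex validator,
    otherwise a short reason string. kind is "email" or "url"."""
    limit = MAX_EMAIL_LEN if kind == "email" else MAX_URL_LEN
    if len(value) > limit:
        return "value too long"
    if kind == "email":
        host = value.rpartition("@")[2]
    else:
        try:
            host = urlsplit(value).hostname or ""
        except ValueError:  # e.g. unbalanced IPv6 brackets
            return "unparseable url"
    if len(host) > MAX_HOST_LEN:
        return "host too long"
    if any(len(label) > MAX_LABEL_LEN for label in host.rstrip(".").split(".")):
        return "label too long"
    return None


def guarded(validator):
    """Wrap a validator callable so oversized input never reaches its regex."""
    def wrapper(value, kind):
        reason = precheck(value, kind)
        if reason is not None:
            raise ValueError(reason)
        return validator(value)
    return wrapper


# Constructed sample inputs (not taken from the bug report).
MANY_LABELS_EMAIL = "u@" + "a." * 5000 + "com"      # 5001 domain labels
LONG_HOST_EMAIL = "u@" + ".".join(["a"] * 150)      # 301 chars, host is 299
LONG_LABEL_URL = "https://" + "b" * 64 + ".example/"
OK_URL = "https://www.debian.org/security/"
```

The overall length cap is what stops the many-labels input; the host and label checks catch values that fit under that cap but still exceed DNS limits.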
