Your message dated Sat, 05 Aug 2023 22:04:10 +0000
with message-id <e1qspna-006hw8...@fasolo.debian.org>
and subject line Bug#1040225: fixed in python-django 3:3.2.19-1+deb12u1
has caused the Debian Bug report #1040225,
regarding python-django: CVE-2023-36053
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1040225: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-django
Version: 1:1.10.7-2+deb9u17
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-django.

CVE-2023-36053[0]:
| In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3,
| EmailValidator and URLValidator are subject to a potential ReDoS
| (regular expression denial of service) attack via a very large
| number of domain name labels of emails and URLs.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-36053
    https://www.cve.org/CVERecord?id=CVE-2023-36053


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 3:3.2.19-1+deb12u1
Done: Chris Lamb <la...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1040...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 28 Jul 2023 14:24:04 +0100
Source: python-django
Binary: python-django-doc python3-django
Built-For-Profiles: nocheck
Architecture: source all
Version: 3:3.2.19-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework
Closes: 1040225
Changes:
 python-django (3:3.2.19-1+deb12u1) bookworm-security; urgency=high
 .
   * CVE-2023-36053: Potential regular expression denial of service
     vulnerability in EmailValidator/URLValidator.
 .
     EmailValidator and URLValidator were subject to potential regular
     expression denial of service attack via a very large number of domain name
     labels of emails and URLs. (Closes: #1040225)
 .
   * Add/apply the URLValidator patch from sid.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
