Your message dated Mon, 04 Sep 2023 18:24:12 +0000
with message-id <e1qdefa-007skk...@fasolo.debian.org>
and subject line Bug#1051226: fixed in python-django 3:3.2.21-1
has caused the Debian Bug report #1051226,
regarding python-django: CVE-2023-41164
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1051226: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-django
Version: 1:1.11.29-1+deb10u9
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-django.
CVE-2023-41164[0]:
Potential denial of service vulnerability in
django.utils.encoding.uri_to_iri(); this was subject to potential
denial of service attack via certain inputs with a very large number
of Unicode characters.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-41164
https://www.cve.org/CVERecord?id=CVE-2023-41164
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 3:3.2.21-1
Done: Chris Lamb <la...@debian.org>
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 04 Sep 2023 11:02:53 -0700
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:3.2.21-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Closes: 1051226
Changes:
python-django (3:3.2.21-1) unstable; urgency=high
.
* New upstream security release:
.
- CVE-2023-41164: Potential denial of service vulnerability in
django.utils.encoding.uri_to_iri(). This method was subject to potential
denial of service attack via certain inputs with a very large number of
Unicode characters. (Closes: #1051226)
.
<https://www.djangoproject.com/weblog/2023/sep/04/security-releases/>
.
* Refresh patches.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---