Bug#1099682: python-django: CVE-2025-26699

Chris Lamb Thu, 06 Mar 2025 15:52:49 -0800

Package: python-django
Version: 2:2.2.28-1~deb11u5
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security


Hi,

The following vulnerability was published for python-django.

    CVE-2025-26699 [0]: Potential denial-of-service in
    django.utils.text.wrap()

    The django.utils.text.wrap() and wordwrap template filter were
    subject to a potential denial-of-service attack when used with
    very long strings.

    Thanks to sw0rd1ight for the report.

    This issue has severity "moderate" according to the Django
    security policy.

      — <https://www.djangoproject.com/weblog/2025/mar/06/security-releases/>


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-26699
    https://www.cve.org/CVERecord?id=CVE-2025-26699


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] / chris-lamb.co.uk
       `-

Bug#1099682: python-django: CVE-2025-26699

Reply via email to