-------------------------------------------------------------------------
Debian LTS Advisory DLA-3329-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
February 20, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : python-django
Version        : 1:1.11.29-1+deb10u7
CVE ID         : CVE-2023-24580
Debian Bug     : 1031290

It was discovered that there was a denial-of-service vulnerability in
Django, a Python-based web development framework.

Passing certain inputs to multipart forms could have resulted in too
many open files or memory exhaustion, and provided a potential vector
for a denial-of-service attack.

The number of file parts parsed is now limited via a new
DATA_UPLOAD_MAX_NUMBER_FILES setting.

For Debian 10 buster, this problem has been fixed in version
1:1.11.29-1+deb10u7.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django, please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
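
Added example, not part of the advisory and not Django's own parser: a stdlib-only sketch of the kind of check the DATA_UPLOAD_MAX_NUMBER_FILES setting introduces, counting file parts in a multipart/form-data body and rejecting the request at the first part over the cap. The names parse_upload, TooManyFiles and MAX_FILES, the cap value, and the sample body are assumptions constructed for illustration.

```python
from email.parser import BytesParser

MAX_FILES = 100  # assumed cap for this sketch; plays the role of DATA_UPLOAD_MAX_NUMBER_FILES

class TooManyFiles(Exception):
    """More file parts in one request than the configured cap allows."""

def iter_parts(body, boundary):
    """Yield (headers, payload) for each part of a multipart/form-data body."""
    delim = b"--" + boundary
    for chunk in body.split(delim)[1:]:      # element 0 is the preamble
        if chunk.startswith(b"--"):          # closing delimiter "--boundary--"
            return
        raw, _, payload = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        headers = BytesParser().parsebytes(raw + b"\r\n\r\n", headersonly=True)
        if payload.endswith(b"\r\n"):        # CRLF before the next delimiter
            payload = payload[:-2]
        yield headers, payload

def parse_upload(body, boundary, max_files=MAX_FILES):
    """Return (fields, files); raise TooManyFiles at the first file part over the cap."""
    fields, files = {}, []
    for headers, payload in iter_parts(body, boundary):
        name = headers.get_param("name", header="content-disposition")
        filename = headers.get_param("filename", header="content-disposition")
        if filename is None:                 # ordinary form field, not a file
            fields[name] = payload.decode("utf-8", "replace")
            continue
        if len(files) >= max_files:          # reject before keeping this part
            raise TooManyFiles(f"more than {max_files} file parts in one request")
        files.append((name, filename, payload))
    return fields, files

def build_body(boundary, n_files):
    """Constructed sample body: one text field plus n_files small file parts."""
    parts = [b'Content-Disposition: form-data; name="title"\r\n\r\nreport']
    for i in range(n_files):
        parts.append(b'Content-Disposition: form-data; name="f%d"; filename="f%d.txt"\r\n'
                     b"Content-Type: text/plain\r\n\r\ndata%d" % (i, i, i))
    delim = b"--" + boundary + b"\r\n"
    return delim + (b"\r\n" + delim).join(parts) + b"\r\n--" + boundary + b"--\r\n"

if __name__ == "__main__":
    b = b"XBOUNDARY"                         # constructed boundary string
    print(parse_upload(build_body(b, 3), b, max_files=5))
    try:
        parse_upload(build_body(b, 6), b, max_files=5)
    except TooManyFiles as exc:
        print("rejected:", exc)
```

This sketch holds the whole body in memory; a streaming parser applies the same count as parts arrive, so it stops before opening a temporary file or buffer for the excess part.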