unsubscribe

On Sun, May 25, 2025 at 7:06 PM Colin Watson <[email protected]> wrote:
> Colin Watson uploaded new packages for python-django which fixed the
> following security problems:
>
> CVE-2025-32873
>
> Denial-of-service possibility in strip_tags().
> django.utils.html.strip_tags() would be slow to evaluate certain
> inputs containing large sequences of incomplete HTML tags. This
> function is used to implement the striptags template filter, which
> was therefore also vulnerable. strip_tags() now raises a
> SuspiciousOperation exception if it encounters an unusually large
> number of unclosed opening tags.
>
> For the bookworm-backports distribution the problem has been fixed in
> version 3:4.2.21-1~bpo12+1.
>
> --
> Colin Watson (he/him) [[email protected]]
>

--
Kendall Gifford
[email protected]
