-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3500-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb July 19, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : python-django Version : 1:1.11.29-1+deb10u9 CVE ID : CVE-2023-36053 Debian Bug : 1040225 It was discovered that there was a potential denial of service attack in Django, the popular Python-based web development framework. EmailValidator and URLValidator were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs. For Debian 10 buster, this problem has been fixed in version 1:1.11.29-1+deb10u9. We recommend that you upgrade your python-django packages. For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-django Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmS3sukACgkQHpU+J9Qx Hlh0YQ/+Ip+rf/P2lZOxQ1sa2c18W6Nk1Synfmdc81QijHIjufdrqDl9E/LVFIGy +nsXX/d7VupW1ojXZ1/9ZgUDz5kuJyriikTlvKCLFObgdD6ab3DeRy/S9LTPI3K/ zis/zPthxZPFwKdefmmIXQBRum+4wC93i9937XyOhrjDcvKftv3AgCBMRrr3IVKv dJkzVu4YHKwoXDTMFqvKvc6rbsAcdN5L08pG3PQ0LrHLt3UBRhHCVC9t0Yp19aHu oSyk0S5XI6XLm6ESVCYYsDB2ExXb5vzMQGZokXFujKJFZTl3QrCgN7CfqJp1zVfF x96viZHQhsjWo887EzI9Mbuee91Wc8og2DaOhlSj98edUCVQE3Cqb5o4iGDE2GZN QZy0grD5s7TVV827VaHuXkrmIbwzSaaEAoFszaLqsZIPAjJyb/FfgkFzvBV8yWps PEQWxCgihXQtoJ4i6Ywd+hjQUZuILRBn9u9lxPPlsJm82kpXrSxlKIS7DC4RPJCm abw+nfSNaDepc71YF067kU0akSogOU3YzbErldVhrc/1gYMnw3829DzjDtIAvguz kLWvS+dEhkmvp6xsCPEeo4KskdoOxwsQ+vHR/qXwovrlfdEwfy/dA/8DwGTkGskC dOy6GYHZ7tcplHwWM4MdaMrbHG/aQO/5vbhdc6flwmAhx96CT7w= =tCYR -----END PGP SIGNATURE-----
