© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Scheduled-For: 22.12
Upstream: tbd
Debian: 2:3.2.8-1 2:4.0~alpha1-1
Ubuntu: 2:2.2.24-1ubuntu1
Debian new has 2:4.0~alpha1-1
### New Debian Changes ###
python-django (2:3.2.8-1) unstable; urgency=medium
* New upstream bugfix release.
* Drop a patch applied upstream.
* Bump Standards-Version to 4.6.0.
-- Chris Lamb <email address hidden> Tue, 05 Oct 2021 09:34:57 +0100
python-django (2:3.2.7-4) unstable; urgency=medium
* Skip a test that is fixed upstream (with a number of overlapping patches).
-- Chris Lamb <email address hidden> Mon, 13 Sep 2021 09:03:27 +0100
python-django (2:3.2.7-3) unstable; urgency=medium
* Actually upload 3.2 branch to unstable...
-- Chris Lamb <email address hidden> Thu, 09 Sep 2021 17:49:23 +0100
python-django (2:3.2.7-2) experimental; urgency=medium
* Upload 3.2 branch to unstable.
-- Chris Lamb <email address hidden> Thu, 09 Sep 2021 15:51:11 +0100
python-django (2:3.2.7-1) experimental; urgency=medium
* New upstream bugfix release.
-- Chris Lamb <email address hidden> Wed, 01 Sep 2021 10:46:07 +0100
python-django (2:3.2.6-1) experimental; urgency=medium
* New upstream bugfix release.
<https:/
* Bump Standards-Version to 4.5.1.
-- Chris Lamb <email address hidden> Mon, 02 Aug 2021 09:16:21 +0100
python-django (2:3.2.5-2) experimental; urgency=medium
* Don't symlink /usr/bin/
generated by the entry_points system instead, otherwise we introduce a
confusing 'django-admin.py' deprecation message when using 'django-admin'.
(Closes: #991098)
-- Chris Lamb <email address hidden> Thu, 15 Jul 2021 13:54:57 +0100
python-django (2:3.2.5-1) experimental; urgency=medium
* New upstream security release:
- CVE-2021-35042: Potential SQL injection via unsanitized
QuerySet.
Unsanitized user input passed to QuerySet.order_by() could bypass
intended column reference validation in path marked for deprecation
resulting in a potential SQL injection even if a deprecation warning is
emitted. As a mitigation, the strict column reference validation was
restored for the duration of the deprecation period. This regression
appeared in Django version 3.1 as a side effect of fixing another bug
(#31426).
For more information, please see:
<https:/
-- Chris Lamb <email address hidden> Thu, 01 Jul 2021 10:56:07 +0100
python-django (2:3.2.4-1) experimental; urgency=medium
* New upstream security release. (Closes: #989394)
- CVE-2021-33203: Potential directory traversal via admindocs
Staff members could use the admindocs TemplateDetailView view to
check the existence of arbitrary files. Additionally, if (and only
if) the default admindocs templates have been customized by the
developers to also expose the file contents, then not only the
existence but also the file contents would have been exposed.
As a mitigation, path sanitation is now applied and only files
within the template root directories can be loaded.
This issue has low severity, according to the Django security
policy.
Thanks to Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen from
the CodeQL Python team for the report.
- CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
since validators accepted leading zeros in IPv4 addresses
URLValidator, validate_
validate_
literals. If you used such values you could suffer from
indeterminate SSRF, RFI, and LFI attacks.
validate_
were not affected on Python 3.9.5+.
### Old Ubuntu Delta ###
python-django (2:2.2.24-1ubuntu1) impish; urgency=medium
* d/p/test_
-- Athos Ribeiro <email address hidden> Mon, 04 Oct 2021 10:56:57 -0300