Fedora Linux 8639 Published by

A python-django3 security update has been released for Fedora 37.



SECURITY: Fedora 37 Update: python-django3-3.2.18-1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-bde7913e5a
2023-03-05 01:36:28.929377
--------------------------------------------------------------------------------

Name : python-django3
Product : Fedora 37
Version : 3.2.18
Release : 1.fc37
URL :   https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2022-24580 and CVE-2023-41323
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 24 2023 Michel Alexandre Salim - 3.2.18-1
- Update to 3.2.18
- convert to SPDX license identifier
* Fri Oct 7 2022 Michel Alexandre Salim - 3.2.15-2
- Only build doc on releases with Sphinx >= 4.5.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2136134 - CVE-2022-41323 python-django3: python-django: Potential denial-of-service vulnerability in internationalized URLs [epel-8]
  https://bugzilla.redhat.com/show_bug.cgi?id=2136134
[ 2 ] Bug #2136137 - CVE-2022-41323 python-django3: python-django: Potential denial-of-service vulnerability in internationalized URLs [fedora-36]
  https://bugzilla.redhat.com/show_bug.cgi?id=2136137
[ 3 ] Bug #2169742 - CVE-2023-24580 python-django3: python-django: Potential denial-of-service vulnerability in file uploads [epel-8]
  https://bugzilla.redhat.com/show_bug.cgi?id=2169742
[ 4 ] Bug #2169744 - CVE-2023-24580 python-django3: python-django: Potential denial-of-service vulnerability in file uploads [fedora-36]
  https://bugzilla.redhat.com/show_bug.cgi?id=2169744
[ 5 ] Bug #2169746 - CVE-2023-24580 python-django3: python-django: Potential denial-of-service vulnerability in file uploads [fedora-37]
  https://bugzilla.redhat.com/show_bug.cgi?id=2169746
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-bde7913e5a' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________