Package: python-django / 2:2.2.28-1~deb11u2

Metadata

Package: python-django
Version: 2:2.2.28-1~deb11u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 disable sources in sphinxdoc.diff

docs/conf.py | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 disable creation of _sources directory by sphinx

 We do this to save some space as the sources of the documentation
 are not really useful in a binary package.
 .
 This is a Debian specific patch.
0002 use_debian_geoip_database_as_default.diff

django/contrib/gis/geoip2/base.py | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 use debian geoip database path as default

 Default to Debian standard path for GeoIP directory and for GeoIP city
 file. Avoids the need to declare them in each project.
 .
 This is a Debian specific patch.
Bug-Debian: http://bugs.debian.org/645094
0004 Use locally installed documentation sources.patch

docs/conf.py | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 use locally installed documentation sources


0004 Set the default shebang to new projects to use Pytho.patch

django/conf/project_template/manage.py-tpl | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 set the default shebang to new projects to use python 3.


0005 Use usr bin env python3 shebang for django admin.py.patch

django/bin/django-admin.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use #!/usr/bin/env python3 shebang for django-admin.py.


0006 Moved RequestSite import to the toplevel.patch

django/contrib/sites/shortcuts.py | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 Moved RequestSite import to the toplevel.

Via https://github.com/django/django/commit/78163d1ac4407d59bfc5fdf1f84f2dbbb2ed3443

0007 fix url validator.patch

django/core/validators.py | 13 7 + 6 - 0 !
1 file changed, 7 insertions(+), 6 deletions(-)

 Fixed URLValidator crash in some edge cases

CVE 2022 34265.patch

django/db/backends/base/operations.py | 3 3 + 0 - 0 !
django/db/models/functions/datetime.py | 4 4 + 0 - 0 !
tests/db_functions/datetime/test_extract_trunc.py | 34 34 + 0 - 0 !
3 files changed, 41 insertions(+)

 [patch] Fixed CVE-2022-34265 -- Protected
 Trunc(kind)/Extract(lookup_name) against SQL injection.

Thanks Takuto Yoshikai (Aeye Security Lab) for the report.

CVE 2022 36359.patch

django/http/response.py | 4 3 + 1 - 0 !
tests/responses/test_fileresponse.py | 35 35 + 0 - 0 !
2 files changed, 38 insertions(+), 1 deletion(-)

 [patch] Fixed CVE-2022-36359 -- Escaped filename in
 Content-Disposition header.

Thanks to Motoyasu Saburi for the report.

CVE 2022 41323.patch

django/urls/resolvers.py | 2 1 + 1 - 0 !
tests/i18n/patterns/tests.py | 6 6 + 0 - 0 !
2 files changed, 7 insertions(+), 1 deletion(-)

 [patch] Fixed CVE-2022-41323 -- Prevented locales being interpreted
 as regular expressions.

Thanks to Benjamin Balder Bach for the report.

CVE 2023 36053.patch

django/core/validators.py | 7 6 + 1 - 0 !
django/forms/fields.py | 3 3 + 0 - 0 !
docs/ref/validators.txt | 17 17 + 0 - 0 !
tests/forms_tests/field_tests/test_emailfield.py | 5 4 + 1 - 0 !
tests/forms_tests/tests/test_forms.py | 19 13 + 6 - 0 !
tests/validators/tests.py | 11 11 + 0 - 0 !
6 files changed, 54 insertions(+), 8 deletions(-)

 [patch] [3.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in
 EmailValidator and URLValidator.

Thanks Seokchan Yoon for reports.

CVE 2023 31047.patch

django/forms/widgets.py | 26 25 + 1 - 0 !
docs/topics/http/file-uploads.txt | 24 21 + 3 - 0 !
tests/forms_tests/field_tests/test_filefield.py | 68 67 + 1 - 0 !
tests/forms_tests/widget_tests/test_clearablefileinput.py | 5 5 + 0 - 0 !
tests/forms_tests/widget_tests/test_fileinput.py | 43 43 + 0 - 0 !
5 files changed, 161 insertions(+), 5 deletions(-)

 [patch] [3.2.x] Fixed CVE-2023-31047,
 Fixed #31710 -- Prevented potential bypass of validation when uploading
 multiple files using one form field.

Thanks Moataz Al-Sharida and nawaik for reports.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>

CVE 2023 24580.patch

django/conf/global_settings.py | 4 4 + 0 - 0 !
django/core/exceptions.py | 9 9 + 0 - 0 !
django/core/handlers/exception.py | 3 2 + 1 - 0 !
django/http/multipartparser.py | 62 51 + 11 - 0 !
django/http/request.py | 6 4 + 2 - 0 !
docs/ref/settings.txt | 23 23 + 0 - 0 !
tests/handlers/test_exception.py | 31 30 + 1 - 0 !
tests/requests/test_data_upload_settings.py | 53 52 + 1 - 0 !
8 files changed, 175 insertions(+), 16 deletions(-)

 [patch] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded
 files.

Thanks to Jakob Ackermann for the report.

CVE 2023 23969.patch

django/utils/translation/trans_real.py | 32 31 + 1 - 0 !
tests/i18n/tests.py | 8 8 + 0 - 0 !
2 files changed, 39 insertions(+), 1 deletion(-)

 [patch] [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with
 pathological values for Accept-Language.

The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.