--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5c7fb64c74
2024-04-13 03:40:51.150299
--------------------------------------------------------------------------------
Name : python-django
Product : Fedora 40
Version : 4.2.11
Release : 2.fc40
URL :
https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-24680 and CVE-2024-27351
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 9 2024 Michel Lind <salimma(a)fedoraproject.org> - 4.2.11-2
- Update list of bundled Javascript modules
- Add virtual Provides and Conflicts to allow swapping Django stacks
- Re-enable tests temporarily disabled for Python 3.12 beta
* Mon Apr 8 2024 Michel Lind <salimma(a)fedoraproject.org> - 4.2.11-1
- Update to 4.2.11
- Resolves CVE-2024-24680 (rhbz#2263505)
- Resolves CVE-2024-27351 (rhbz#2267654)
* Tue Mar 12 2024 Miro Hron��ok <miro(a)hroncok.cz> - 4.2.6-5
- No longer own the /usr/share/bash-completion directory
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263505 - CVE-2024-24680 python-django: Django: denial-of-service in
``intcomma`` template filter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263505
[ 2 ] Bug #2267654 - CVE-2024-27351 python-django: Potential regular expression
denial-of-service in django.utils.text.Truncator.words() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2267654
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5c7fb64c74' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------