--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-8fed428c5e
2023-04-28 02:03:21.036832
--------------------------------------------------------------------------------
Name : python-django
Product : Fedora 37
Version : 4.0.10
Release : 1.fc37
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
--------------------------------------------------------------------------------
Update Information:
Security fix for:
- CVE-2023-24580
- CVE-2023-23969
- CVE-2022-41323
- CVE-2022-36359
- CVE-2022-34265
- CVE-2022-28346
- CVE-2022-28347
https://docs.djangoproject.com/en/4.2/releases/4.0.3/
https://docs.djangoproject.com/en/4.2/releases/4.0.4/
https://docs.djangoproject.com/en/4.2/releases/4.0.5/
https://docs.djangoproject.com/en/4.2/releases/4.0.6/
https://docs.djangoproject.com/en/4.2/releases/4.0.7/
https://docs.djangoproject.com/en/4.2/releases/4.0.8/
https://docs.djangoproject.com/en/4.2/releases/4.0.9/
https://docs.djangoproject.com/en/4.2/releases/4.0.10/
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 3 2023 Miro Hrončok <mhroncok(a)redhat.com> - 4.0.10-1
- Update to 4.0.10
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2072447 - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(), aggregate() and extra()
https://bugzilla.redhat.com/show_bug.cgi?id=2072447
[ 2 ] Bug #2072459 - CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL
https://bugzilla.redhat.com/show_bug.cgi?id=2072459
[ 3 ] Bug #2102896 - CVE-2022-34265 python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments
https://bugzilla.redhat.com/show_bug.cgi?id=2102896
[ 4 ] Bug #2136130 - CVE-2022-41323 python-django: Potential denial-of-service vulnerability in internationalized URLs
https://bugzilla.redhat.com/show_bug.cgi?id=2136130
[ 5 ] Bug #2166457 - CVE-2023-23969 python-django: Potential denial-of-service via Accept-Language headers
https://bugzilla.redhat.com/show_bug.cgi?id=2166457
[ 6 ] Bug #2169402 - CVE-2023-24580 python-django: Potential denial-of-service vulnerability in file uploads
https://bugzilla.redhat.com/show_bug.cgi?id=2169402
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-8fed428c5e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------