-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-a53ab7c969 2023-04-28 02:35:08.160658 --------------------------------------------------------------------------------
Name : python-django Product : Fedora 38 Version : 4.0.10 Release : 1.fc38 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
-------------------------------------------------------------------------------- Update Information:
Security fix for: - CVE-2023-24580 - CVE-2023-23969 - CVE-2022-41323 - CVE-2022-36359 - CVE-2022-34265 - CVE-2022-28346 - CVE-2022-28347 https://docs.djangoproject.com/en/4.2/releases/4.0.3/ https://docs.djangoproject.com/en/4.2/releases/4.0.4/ https://docs.djangoproject.com/en/4.2/releases/4.0.5/ https://docs.djangoproject.com/en/4.2/releases/4.0.6/ https://docs.djangoproject.com/en/4.2/releases/4.0.7/ https://docs.djangoproject.com/en/4.2/releases/4.0.8/ https://docs.djangoproject.com/en/4.2/releases/4.0.9/ https://docs.djangoproject.com/en/4.2/releases/4.0.10/ -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 3 2023 Miro Hron��ok mhroncok@redhat.com - 4.0.10-1 - Update to 4.0.10 * Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 4.0.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2072447 - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(),aggregate() and extra() https://bugzilla.redhat.com/show_bug.cgi?id=2072447 [ 2 ] Bug #2072459 - CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL https://bugzilla.redhat.com/show_bug.cgi?id=2072459 [ 3 ] Bug #2102896 - CVE-2022-34265 python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments https://bugzilla.redhat.com/show_bug.cgi?id=2102896 [ 4 ] Bug #2136130 - CVE-2022-41323 python-django: Potential denial-of-service vulnerability in internationalized URLs https://bugzilla.redhat.com/show_bug.cgi?id=2136130 [ 5 ] Bug #2166457 - CVE-2023-23969 python-django: Potential denial-of-service via Accept-Language headers https://bugzilla.redhat.com/show_bug.cgi?id=2166457 [ 6 ] Bug #2169402 - CVE-2023-24580 python-django: Potential denial-of-service vulnerability in file uploads https://bugzilla.redhat.com/show_bug.cgi?id=2169402 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-a53ab7c969' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------