-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-2ec03ca8cb 2024-04-18 01:11:31.874264 --------------------------------------------------------------------------------
Name : python-django Product : Fedora 39 Version : 4.2.11 Release : 2.fc39 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
-------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2024-24680 and CVE-2024-27351 -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 9 2024 Michel Lind salimma@fedoraproject.org - 4.2.11-2 - Update list of bundled Javascript modules - Add virtual Provides and Conflicts to allow swapping Django stacks - Re-enable tests temporarily disabled for Python 3.12 beta * Mon Apr 8 2024 Michel Lind salimma@fedoraproject.org - 4.2.11-1 - Update to 4.2.11 - Resolves CVE-2024-24680 (rhbz#2263505) - Resolves CVE-2024-27351 (rhbz#2267654) * Tue Mar 12 2024 Miro Hron��ok miro@hroncok.cz - 4.2.6-5 - No longer own the /usr/share/bash-completion directory * Fri Jan 26 2024 Fedora Release Engineering releng@fedoraproject.org - 4.2.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Mon Jan 22 2024 Fedora Release Engineering releng@fedoraproject.org - 4.2.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2263505 - CVE-2024-24680 python-django: Django: denial-of-service in ``intcomma`` template filter [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2263505 [ 2 ] Bug #2267654 - CVE-2024-27351 python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2267654 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2ec03ca8cb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------