./www/py-django3, Django, a high-level Python Web framework

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.2.25, Package name: py312-django-3.2.25, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Required to run:
[devel/py-setuptools] [time/py-pytz] [databases/py-sqlparse] [www/py-asgiref] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 9605.797 KB

Version history: (Expand)


CVS history: (Expand)


   2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862)
Log message:
py-*: remove unused tool dependency

py-setuptools includes the py-wheel functionality nowadays
   2024-03-04 16:47:29 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.25

Django 3.2.25 fixes a security issue with severity “moderate” and a \ 
regression in 3.2.24.

CVE-2024-27351: Potential regular expression denial-of-service in \ 
django.utils.text.Truncator.words()

django.utils.text.Truncator.words() method (with html=True) and \ 
truncatewords_html template filter were subject to a potential regular \ 
expression denial-of-service attack using a suitably crafted string (follow up \ 
to CVE-2019-14232 and CVE-2023-43665).

Bugfixes

Fixed a regression in Django 3.2.24 where intcomma template filter could return \ 
a leading comma for string representation of floats.
   2024-02-09 11:34:29 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Replace databases/py-mysqldb with databases/py-mysqlclient
   2024-02-08 23:46:48 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-django3: updated to 3.2.24

Django 3.2.24 fixes a security issue with severity “moderate” in 3.2.23.

CVE-2024-24680: Potential denial-of-service in intcomma template filter

The intcomma template filter was subject to a potential denial-of-service attack \ 
when used with very long strings.
   2023-11-01 21:17:00 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.23

Django 3.2.23

CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows
   2023-10-04 22:13:51 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.22

Django 3.2.22 fixes a security issue with severity “moderate” in 3.2.21.

CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator

Following the fix for CVE-2019-14232, the regular expressions used in the \ 
implementation of django.utils.text.Truncator’s chars() and words() methods \ 
(with html=True) were revised and improved. However, these regular expressions \ 
still exhibited linear backtracking complexity, so when given a very long, \ 
potentially malformed HTML input, the evaluation would still be slow, leading to \ 
a potential denial of service vulnerability.

The chars() and words() methods are used to implement the truncatechars_html and \ 
truncatewords_html template filters, which were thus also vulnerable.

The input processed by Truncator, when operating in HTML mode, has been limited \ 
to the first five million characters in order to avoid potential performance and \ 
memory issues.
   2023-09-13 11:58:30 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.21

Django 3.2.21 fixes a security issue with severity “moderate” in 3.2.20.

CVE-2023-41164: Potential denial of service vulnerability in \ 
django.utils.encoding.uri_to_iri()
   2023-08-04 07:22:05 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.20

Django 3.2.20 fixes a security issue with severity “moderate” in 3.2.19.

CVE-2023-36053: Potential regular expression denial of service vulnerability in \ 
EmailValidator/URLValidator¶

EmailValidator and URLValidator were subject to potential regular expression \ 
denial of service attack via a very large number of domain name labels of emails \ 
and URLs.