Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2023-23969: Potential denial-of-service via Accept-Language headers (boo#1207565)
- CVE-2024-38875: Potential denial-of-service attack via certain inputs with a very large number of brackets (boo#1227590)
- CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords (boo#1227593)
- CVE-2024-39330: Potential directory traversal in django.core.files.storage.Storage.save() (boo#1227594)
- CVE-2024-39614: Potential denial-of-service through django.utils.translation.get_supported_language-variant() (boo#1227595)
-
Submitted by
Nico Krapp (nkrapp)
Fixed bugs
bnc#1227593
VUL-0: CVE-2024-39329: python-Django: username enumeration through timing difference for users with unusable passwords
bnc#1227594
VUL-0: CVE-2024-39330: python-Django: potential directory traversal in django.core.files.storage.Storage.save()
bnc#1207565
VUL-0: CVE-2023-23969: python-Django: potential denial-of-service via Accept-Language headers
bnc#1227590
VUL-0: CVE-2024-38875: python-Django: potential denial-of-service through django.utils.html.urlize()
bnc#1227595
VUL-0: CVE-2024-39614: python-Django: potential denial-of-service through django.utils.translation.get_supported_language_variant()
