Security update for python-Django
This update for python-Django fixes the following issues:
* CVE-2024-42005: Fixed potential SQL injection in QuerySet.values() and values_list() (boo#1228629)
* CVE-2024-41989: Fixed memory exhaustion in django.utils.numberformat.floatformat() (boo#1228630)
* CVE-2024-41990: Fixed potential denial-of-service vulnerability in django.utils.html.urlize() (boo#1228631)
* CVE-2024-41991: Fixed potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget (boo#1228632)
Submitted by: Markéta Machová (mcalabkova)
Fixed bugs:
* bnc#1228631: VUL-0: CVE-2024-41991: python-Django,python-Django1,python-Django4: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
* bnc#1228629: VUL-0: CVE-2024-41989: python-Django,python-Django1,python-Django4: Memory exhaustion in django.utils.numberformat.floatformat()
* bnc#1228632: VUL-0: CVE-2024-42005: python-Django,python-Django1,python-Django4: Potential SQL injection in QuerySet.values() and values_list()
* bnc#1228630: VUL-0: CVE-2024-41990: python-Django,python-Django1,python-Django4: Potential denial-of-service vulnerability in django.utils.html.urlize()