File _patchinfo of Package patchinfo.34811

<patchinfo incident="34811">
  <issue tracker="cve" id="2024-38875"/>
  <issue tracker="cve" id="2023-23969"/>
  <issue tracker="cve" id="2024-39329"/>
  <issue tracker="cve" id="2024-39330"/>
  <issue tracker="cve" id="2024-39614"/>
  <issue tracker="bnc" id="1227590">VUL-0: CVE-2024-38875: python-Django: potential denial-of-service through django.utils.html.urlize()</issue>
  <issue tracker="bnc" id="1207565">VUL-0: CVE-2023-23969: python-Django: potential denial-of-service via Accept-Language headers</issue>
  <issue tracker="bnc" id="1227593">VUL-0: CVE-2024-39329: python-Django: username enumeration through timing difference for users with unusable passwords</issue>
  <issue tracker="bnc" id="1227594">VUL-0: CVE-2024-39330: python-Django: potential directory traversal in django.core.files.storage.Storage.save()</issue>
  <issue tracker="bnc" id="1227595">VUL-0: CVE-2024-39614: python-Django: potential denial-of-service through django.utils.translation.get_supported_language_variant()</issue>
  <packager>nkrapp</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python-Django</summary>
  <description>This update for python-Django fixes the following issues:

- CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets (bsc#1227590)
- CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords (bsc#1227593)
- CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save() (bsc#1227594)
- CVE-2024-39614: Fixed potential denial-of-service through django.utils.translation.get_supported_language_variant() (bsc#1227595)
- CVE-2023-23969: Fixed potential denial-of-service via Accept-Language headers (bsc#1207565)
</description>
</patchinfo>