File _patchinfo of Package patchinfo.34948
<patchinfo incident="34948">
<issue tracker="cve" id="2024-41990"/>
<issue tracker="cve" id="2024-41989"/>
<issue tracker="cve" id="2022-28346"/>
<issue tracker="cve" id="2024-41991"/>
<issue tracker="cve" id="2024-42005"/>
<issue tracker="cve" id="2019-12308"/>
<issue tracker="bnc" id="1228630">VUL-0: EMBARGOED: CVE-2024-41990: python-Django,python-Django1,python-Django4: Potential denial-of-service vulnerability in django.utils.html.urlize()</issue>
<issue tracker="bnc" id="1228631">VUL-0: EMBARGOED: CVE-2024-41991: python-Django,python-Django1,python-Django4: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget</issue>
<issue tracker="bnc" id="1228632">VUL-0: EMBARGOED: CVE-2024-42005: python-Django,python-Django1,python-Django4: Potential SQL injection in QuerySet.values() and values_list()</issue>
<issue tracker="bnc" id="1228629">VUL-0: EMBARGOED: CVE-2024-41989: python-Django,python-Django1,python-Django4: Memory exhaustion in django.utils.numberformat.floatformat()</issue>
<issue tracker="bnc" id="1198398">VUL-0: CVE-2022-28346: python-Django,python-Django1: Potential SQL injection in QuerySet.annotate(),aggregate() and extra()</issue>
<issue tracker="bnc" id="1136468">VUL-0: CVE-2019-12308: python-Django, python-Django1 : The clickable "Current URL" link generated by AdminURLFieldWidget displays the provided value without validating it as a safe</issue>
<packager>mcalabkova</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for python-Django</summary>
<description>This update for python-Django fixes the following issues:
- CVE-2024-42005: Fixed SQL injection in QuerySet.values() and values_list() (bsc#1228629)
- CVE-2024-41989: Fixed memory exhaustion in django.utils.numberformat.floatformat() (bsc#1228630)
- CVE-2024-41990: Fixed denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228631)
- CVE-2024-41991: Fixed another denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228632)
- CVE-2022-28346: Fixed SQL injection in QuerySet.annotate(), aggregate() and extra() (bsc#1198398)
- CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)
</description>
</patchinfo>