godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-10 10:10:28 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
4196900a1c5e6c03576f617bf7c8ff81bf66dd06
buildroot/package/python-django/python-django.hash
Peter Korsgaard 0bc9bf9888 package/python-django: security bump to version 4.1.12 
Fixes the following security issue:

CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator

Following the fix for CVE-2019-14232, the regular expressions used in the
implementation of django.utils.text.Truncator’s chars() and words() methods
(with html=True) were revised and improved.  However, these regular
expressions still exhibited linear backtracking complexity, so when given a
very long, potentially malformed HTML input, the evaluation would still be
slow, leading to a potential denial of service vulnerability.

The chars() and words() methods are used to implement the truncatechars_html
and truncatewords_html template filters, which were thus also vulnerable.

The input processed by Truncator, when operating in HTML mode, has been
limited to the first five million characters in order to avoid potential
performance and memory issues.

https://www.djangoproject.com/weblog/2023/oct/04/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-30 08:35:24 +01:00

6 lines
326 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/django/json
md5 6f95e92e5e8964c4a1e00e2fcaadf437 Django-4.1.12.tar.gz
sha256 d02483ad49872238fa59875c1269293fe4f17ecee13c121893607cc0b284696b Django-4.1.12.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
Reference in New Issue View Git Blame Copy Permalink