diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-08-06 17:22:46 +0200 |
|---|---|---|
| committer | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-08-06 17:33:37 +0200 |
| commit | e0579ce27746b04a37cf43559df445068fd2a781 (patch) | |
| tree | b6e3e7f55698ef123fea1802af91bf966c599d99 /docs/releases | |
| parent | ae0ca8345dd4a2469ac45211522f8d4bf5bc610c (diff) | |
[4.2.x] Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005 to security archive.
Backport of fdc638bf4a35b5497d0b3b4faedaf552da792f99 from main.
Diffstat (limited to 'docs/releases')
| -rw-r--r-- | docs/releases/security.txt | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 2c4a1007ca..5d2c3900f5 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -36,6 +36,46 @@ Issues under Django's security process All security issues have been handled under versions of Django's security process. These are listed below. +August 6, 2024 - :cve:`2024-42005` +---------------------------------- + +Potential SQL injection in ``QuerySet.values()`` and ``values_list()``. +`Full description +<https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>`__ + +* Django 5.0 :commit:`(patch) <32ebcbf2e1fe3e5ba79a6554a167efce81f7422d>` +* Django 4.2 :commit:`(patch) <f4af67b9b41e0f4c117a8741da3abbd1c869ab28>` + +August 6, 2024 - :cve:`2024-41991` +---------------------------------- + +Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` and +``AdminURLFieldWidget``. `Full description +<https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>`__ + +* Django 5.0 :commit:`(patch) <523da8771bce321023f490f70d71a9e973ddc927>` +* Django 4.2 :commit:`(patch) <efea1ef7e2190e3f77ca0651b5458297bc0f6a9f>` + +August 6, 2024 - :cve:`2024-41990` +---------------------------------- + +Potential denial-of-service vulnerability in ``django.utils.html.urlize()``. +`Full description +<https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>`__ + +* Django 5.0 :commit:`(patch) <7b7b909579c8311c140c89b8a9431bf537febf93>` +* Django 4.2 :commit:`(patch) <d0a82e26a74940bf0c78204933c3bdd6a283eb88>` + +August 6, 2024 - :cve:`2024-41989` +---------------------------------- + +Potential memory exhaustion in ``django.utils.numberformat.floatformat()``. +`Full description +<https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>`__ + +* Django 5.0 :commit:`(patch) <27900fe56f3d3cabb4aeb6ccb82f92bab29073a8>` +* Django 4.2 :commit:`(patch) <fc76660f589ac07e45e9cd34ccb8087aeb11904b>` + July 9, 2024 - :cve:`2024-39614` -------------------------------- |