Advisories » MGASA-2023-0330

Updated python-django package fixes security vulnerability

Publication date: 29 Nov 2023
Modification date: 29 Nov 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-36053

Description

It was discovered that python-django EmailValidator and URLValidator
were subject to potential regular expression denial of service attack
via a very large number of domain name labels of emails and URLs
(CVE-2023-36053).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32069
• https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36053

SRPMS

8/core

• python-django-3.2.23-1.mga8

9/core

• python-django-4.1.13-1.mga9