Advisories » MGASA-2025-0153

Updated python-django packages fix security vulnerability

Publication date: 11 May 2025
Modification date: 11 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-32873

Description

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9,
and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is
vulnerable to a potential denial-of-service (slow performance) when
processing inputs containing large sequences of incomplete HTML tags.
The template filter striptags is also vulnerable, because it is built on
top of strip_tags(). (CVE-2025-32873)
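
The affected ranges above, written as a version check. This is an added example, not part of the advisory or of Django's code; the function names and the "unlisted" result are assumptions made here. It compares upstream version numbers, so it assumes the installed Django is an upstream release rather than a distribution package carrying a backported fix.

```python
import re
from importlib.metadata import PackageNotFoundError, version

# First fixed release of each affected series, taken from the advisory text.
FIXED = {(4, 2): (4, 2, 21), (5, 1): (5, 1, 9), (5, 2): (5, 2, 1)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:(?:a|b|rc)\d+)?")


def parse_version(text):
    """Return (major, minor, patch) for strings such as '5.1.8', '5.2' or '5.2rc1'."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Django version: {text!r}")
    # A missing patch component ('5.2') and a pre-release ('5.2rc1') both
    # count as patch 0, which sorts before every fixed release listed above.
    return int(match[1]), int(match[2]), int(match[3] or 0)


def cve_2025_32873_status(text):
    """Return 'affected', 'fixed', or 'unlisted' for a Django version string.

    'unlisted' means the series is not named in the advisory, so the
    advisory text alone does not say whether it is vulnerable.
    """
    parsed = parse_version(text)
    fixed = FIXED.get(parsed[:2])
    if fixed is None:
        return "unlisted"
    return "affected" if parsed < fixed else "fixed"


if __name__ == "__main__":
    try:
        installed = version("Django")
    except PackageNotFoundError:
        print("Django is not installed in this environment")
    else:
        print(f"Django {installed}: {cve_2025_32873_status(installed)}")
```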
                

References

SRPMS

9/core