Your message dated Mon, 03 Jul 2023 19:53:12 +0000
with message-id <[email protected]>
and subject line Bug#1040225: fixed in python-django 3:3.2.20-1
has caused the Debian Bug report #1040225,
regarding python-django: CVE-2023-36053
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1040225: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040225
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-django
Version: 1:1.10.7-2+deb9u17
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-django.
CVE-2023-36053[0]:
| In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3,
| EmailValidator and URLValidator are subject to a potential ReDoS
| (regular expression denial of service) attack via a very large
| number of domain name labels of emails and URLs.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-36053
https://www.cve.org/CVERecord?id=CVE-2023-36053
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 3:3.2.20-1
Done: Chris Lamb <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 03 Jul 2023 20:34:24 +0100
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:3.2.20-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Closes: 1040225
Changes:
python-django (3:3.2.20-1) unstable; urgency=high
.
* New upstream security release:
.
- CVE-2023-36053: Potential regular expression denial of service
vulnerability in EmailValidator/URLValidator.
.
EmailValidator and URLValidator were subject to potential regular
expression denial of service attack via a very large number of domain
name labels of emails and URLs. (Closes: #1040225)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---