Your message dated Wed, 15 Jan 2025 18:28:11 +0000
with message-id <[email protected]>
and subject line Bug#1093049: fixed in python-django 3:5.1.5-1
has caused the Debian Bug report #1093049,
regarding python-django: CVE-2024-56374
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1093049: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093049
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-django
Version: 2:2.2.28-1~deb11u4
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-django.
CVE-2024-56374[0]:
| An issue was discovered in Django 5.1 before 5.1.5, 5.0 before
| 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement
| in strings passed when performing IPv6 validation could lead to a
| potential denial-of-service attack. The undocumented and private
| functions clean_ipv6_address and is_valid_ipv6_address are
| vulnerable, as is the django.forms.GenericIPAddressField form field.
| (The django.db.models.GenericIPAddressField model field is not
| affected.)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-56374
https://www.cve.org/CVERecord?id=CVE-2024-56374
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 3:5.1.5-1
Done: Chris Lamb <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 15 Jan 2025 17:48:05 +0000
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:5.1.5-1
Distribution: experimental
Urgency: high
Maintainer: Debian Python Team <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Closes: 1093049
Changes:
python-django (3:5.1.5-1) experimental; urgency=high
.
* New upstream security release. (Closes: #1093049)
.
- CVE-2024-56374: Potential denial-of-service vulnerability in IPv6
validation.
.
A lack of upper bound limit enforcement in strings passed when performing
IPv6 validation could have led to a potential denial-of-service (DoS)
attack. The undocumented and private functions clean_ipv6_address and
is_valid_ipv6_address were vulnerable, as was the GenericIPAddressField
form field, which has now been updated to define a max_length of 39
characters. The GenericIPAddressField model field was not affected.
.
<https://www.djangoproject.com/weblog/2025/jan/14/security-releases/>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
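The upper bound described in the changelog above (a 39-character maximum for IPv6 input), shown as an added example that is not Django's or Debian's code: a standard-library validator that checks length before any parsing. The names `clean_ipv6` and `triage` are hypothetical and the sample inputs are constructed.

```python
import ipaddress

# 8 groups of 4 hex digits plus 7 colons; the changelog above says the fixed
# form field defines a max_length of 39 characters.
MAX_IPV6_LENGTH = 39


def clean_ipv6(value, max_length=MAX_IPV6_LENGTH):
    """Return the compressed form of an IPv6 address or raise ValueError.

    The length test runs before strip() or parsing, so the work done on
    untrusted input is bounded no matter how large the submitted string is.
    """
    if not isinstance(value, str):
        raise ValueError("expected a string")
    if len(value) > max_length:
        raise ValueError(f"input is {len(value)} characters, limit is {max_length}")
    try:
        return str(ipaddress.IPv6Address(value.strip()))
    except ipaddress.AddressValueError as exc:
        raise ValueError(str(exc)) from None


def triage(values):
    """Map each input to ('ok', canonical) or ('rejected', reason)."""
    results = []
    for v in values:
        try:
            results.append(("ok", clean_ipv6(v)))
        except ValueError as exc:
            results.append(("rejected", str(exc)))
    return results


# Constructed sample inputs, not taken from the bug report.
SAMPLES = [
    "2001:db8::1",
    "2001:0db8:0000:0000:0000:0000:0000:0001",        # exactly 39 characters
    "0000:0000:0000:0000:0000:ffff:192.168.100.200",  # 45 characters, over the cap
    "1:" * 100_000,                                    # oversized, never parsed
]

if __name__ == "__main__":
    for sample, (status, detail) in zip(SAMPLES, triage(SAMPLES)):
        print(f"{len(sample):>7} chars  {status:<8}  {detail}")
```

In this example the 39-character cap also rejects the fully expanded IPv4-mapped notation (45 characters), so code that must accept that form needs a deliberately chosen larger limit.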