Public bug reported:

https://www.openwall.com/lists/oss-security/2025/06/10/2

"Following the June 4, 2025 security release, the Django team is issuing
releases for `Django 5.2.3 <https://docs.djangoproject.com/en/dev/releases/5.2.3/>`_,
`Django 5.1.11 <https://docs.djangoproject.com/en/dev/releases/5.1.11/>`_, and
`Django 4.2.23 <https://docs.djangoproject.com/en/dev/releases/4.2.23/>`_
to complete mitigation for CVE-2025-48432: Potential log injection via
unescaped request path
(`full description <https://www.djangoproject.com/weblog/2025/jun/04/security-releases/>`_).

These follow-up releases migrate remaining response logging paths to a
safer logging implementation, ensuring that all untrusted input is
properly escaped before being written to logs. This update does not
introduce a new CVE but strengthens the original fix."

** Affects: python-django (Ubuntu)
     Importance: Undecided
     Assignee: Leonidas S. Barbosa (leosilvab)
         Status: New

https://bugs.launchpad.net/bugs/2113924

Title:
  Incomplete fix for CVE-2025-48432
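
The escaping described in the quoted announcement, as an added example that is not part of the bug report and is not Django's code: it logs a constructed request path containing a line break through an unescaped and an escaped helper and compares the resulting log lines. The helper names, the sample path and the use of `unicode_escape` as the escaping method are assumptions made for illustration.

```python
import io
import logging

# Constructed sample: a request path carrying an embedded line break.
SAMPLE_PATH = "/nope\nWARNING forged entry"


def escape_for_log(value):
    """Escape control characters in strings so a value cannot span log lines."""
    if isinstance(value, str):
        # Assumption: unicode_escape is used here as the escaping method.
        return value.encode("unicode_escape").decode("ascii")
    return value


def log_unescaped(logger, message, *args):
    """Hypothetical 'before' helper: untrusted args reach the log verbatim."""
    logger.warning(message, *args)


def log_escaped(logger, message, *args):
    """Hypothetical 'after' helper: every arg is escaped before formatting."""
    logger.warning(message, *(escape_for_log(a) for a in args))


def render(log_fn, path):
    """Log one 'Not Found' event for path and return the emitted lines."""
    buf = io.StringIO()
    logger = logging.Logger("demo", level=logging.WARNING)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    log_fn(logger, "Not Found: %s", path)
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    for fn in (log_unescaped, log_escaped):
        lines = render(fn, SAMPLE_PATH)
        print(fn.__name__, len(lines), "line(s):", lines)
```

A line-oriented log consumer sees two records from the unescaped helper and one from the escaped helper, which is why every response logging path has to go through the escaping routine for the mitigation to be complete.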
